Tetrate Istio SubscriptionVersion: Next

Install a Tetrate Istio distribution using helm

Helm is the best way to deploy a Tetrate Istio distribution in a standard, automatable manner. Helm manages upgrades and installation cleanly.

For quick experiments, you could install using istioctl.

Before you begin

You need a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. Istio has a number of platform and networking/application requirements.

You also need the helm tool (version 3.6 or later) to install using this method.

You will need credentials from Tetrate to access Tetrate's repository. Verify these credentials with the following command:

export TIS_USER="<tis-username>"
export TIS_PASS="<tis-password>"

curl -u "${TIS_USER}:${TIS_PASS}" -s https://addon-containers.istio.tetratelabs.com/v2/proxyv2/tags/list | jq

If the credentials are valid, you will obtain a list of TAGs, corresponding to Tetrate's supported Istio versions and builds. Choose and define the TAG (for example, 1.18.2-tetrate-v0) and VERSION (for example, 1.18.2) that matches the version and build you wish to install:

export TAG=1.18.2-tetrate-v0
export VERSION=1.18.2

Installation Steps

Add the Tetrate Helm Repo

Add Tetrate's Helm repo, and verify you can see the Tetrate Istio distribution releases:

helm repo add tetratelabs https://tetratelabs.github.io/helm-charts/
helm repo update tetratelabs

helm search repo tetratelabs

Determine the Install Version
Tetrate provide support for a number of Istio releases.
Installing the latest version
To install the latest version, omit this step, and omit the --version $VERSION flag from the helm commands below.
You can list the available releases as follows:
```
helm search repo tetratelabs/base --versions
```
Set $VERSION to your target version, such as 1.18.2:
```
export VERSION=1.18.2
```

Install a new kubernetes pull secret with your credentials

We'll create a secret named tetrate-tis-creds, using the username and password:

kubectl create namespace istio-system

kubectl create secret docker-registry tetrate-tis-creds \
    --docker-server="addon-containers.istio.tetratelabs.com" \
    --docker-username=${TIS_USER} \
    --docker-password=${TIS_PASS} \
    --docker-email="${USER}@" \
    -n istio-system

Install the Istio Control Plane

Create the istio-system namespace, and install Tetrate's Istio base and istiod charts. These contains the CRDs (custom resource definitions) required for the Istio install, and the istiod service:

kubectl create namespace istio-system
helm install istio-base tetratelabs/base -n istio-system \
    --set global.tag=${TAG} \
    --set global.hub="addon-containers.istio.tetratelabs.com" \
    --set "global.imagePullSecrets[0]=tetrate-tis-creds" \
    --version ${VERSION}

helm install istiod tetratelabs/istiod -n istio-system \
    --set global.tag=${TAG} \
    --set global.hub="addon-containers.istio.tetratelabs.com" \
    --set "global.imagePullSecrets[0]=tetrate-tis-creds" \
    --version ${VERSION}

After a few seconds, verify that the istio-base and istiod releases are installed and that the istiod pod is running:

helm ls -n istio-system
kubectl get pods -n istio-system

Install Istio Gateway

Finally, install Istio Gateway into the istio-ingress namespace. Verify that the istio-ingressgateway pod is running and the istio-ingress release is installed:

kubectl create namespace istio-ingress

kubectl create secret docker-registry tetrate-tis-creds \
    --docker-server="addon-containers.istio.tetratelabs.com" \
    --docker-username=${TIS_USER} \
    --docker-password=${TIS_PASS} \
    --docker-email="${USER}@" \
    -n istio-ingress

helm install istio-ingress tetratelabs/istio-ingress -n istio-ingress \
    --set global.tag=${TAG} \
    --set global.hub="addon-containers.istio.tetratelabs.com" \
    --set "global.imagePullSecrets[0]=tetrate-tis-creds" \
    --version ${VERSION}

sleep 5

helm ls -n istio-ingress
kubectl get pods -n istio-ingress

Upgrade the Installation

When you need to upgrade the version, the steps are similar to the install command.

Query the installed version:

helm ls -n istio-system ; helm ls -n istio-ingress

List available versions:

helm repo update tetratelabs
helm search repo tetratelabs/base --versions

To upgrade to the latest release:

helm upgrade istio-base tetratelabs/base -n istio-system --reuse-values
helm upgrade istiod tetratelabs/istiod -n istio-system --reuse-values
helm upgrade istio-ingress tetratelabs/istio-ingress -n istio-ingress --reuse-values

To upgrade to an intermediate release:

Set $VERSION to the target release version, e.g. 1.18.2

helm upgrade istio-base tetratelabs/base -n istio-system --version ${VERSION} --reuse-values
helm upgrade istiod tetratelabs/istiod -n istio-system --version ${VERSION} --reuse-values
helm upgrade istio-ingress tetratelabs/istio-ingress -n istio-ingress --version ${VERSION} --reuse-values

Uninstall a Tetrate Istio distribution

Before removing a Tetrate Istio distribution deployment, all the applications and gateways should be off-boarded.

Use helm uninstall for each chart:

helm uninstall istio-ingress -n istio-ingress
kubectl delete namespace istio-ingress

helm uninstall istiod --namespace istio-system
helm uninstall istio-base --namespace istio-system
kubectl delete namespace istio-system

Next Steps

Once you have installed and validated your Tetrate Istio distribution install, you can proceed to the Istio good practices guide.

Install a Tetrate Istio distribution using helm

Before you begin​

Installation Steps​

Add the Tetrate Helm Repo​

Determine the Install Version​

Install a new kubernetes pull secret with your credentials​

Install the Istio Control Plane​

Install Istio Gateway​

Upgrade the Installation​

Uninstall a Tetrate Istio distribution​

Next Steps​