How to Install and Configure Istio Ingress with Helm
Adrian Steer 
Introduction
This article offers an overview of the Helm install process and the IngressController implementations for Istio. Upon completing this tutorial, you should be able to deploy a complete, working Istio IngressController via Helm as per the Istio getting started documentation. Note: This article assumes Istio 1.20.1. See also Istio issue 46791 ›
Tetrate offers an enterprise-ready, 100% upstream distribution of Istio, Tetrate Istio Subscription (TIS). TIS is the easiest way to get started with Istio for production use cases. TIS+, a hosted Day 2 operations solution for Istio, adds a global service registry, unified Istio metrics dashboard, and self-service troubleshooting.
Install Istio
The following changes the default installation documentation here. The documented process installs the Istio Gateway into a different location than is expected by the configuration.
Add the Istio helm repository:
helm repo add istio https://istio-release.storage.googleapis.com/chartsCreate the namespace and install the base chart:
kubectl create ns istio-system
helm install istio-base istio/base -n istio-systemInstall and configure istiod:
helm upgrade --install istiod istio/istiod -n istio-system \
--set meshConfig.ingressSelector=istio-ingress \
--set meshConfig.ingressService=istio-ingress \
--set pilot.env.K8S_INGRESS_NS=istio-ingressNote: The public documentation installs the gateway into a location that is not expected. Here we change those defaults to accommodate this. See the following:
Install the gateway as per the documentation:
kubectl create ns istio-ingress
helm install istio-ingress istio/gateway -n istio-ingressNote:If the istiod installation has not been customized, the gateway should be installed as per below:
helm install istio-ingressgateway istio/gateway -n istio-systemIngressClass
The following defines the Istio IngressClass:
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: istio
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
spec:
controller: istio.io/ingress-controller
EOFhttpbin
The following installs the httpbin application:
kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/httpbin/httpbin.yamlAnd create the Ingress resource:
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: httpbin
spec:
ingressClassName: istio
rules:
- host: httpbin.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: httpbin
port:
number: 8000
EOFValidation
Check to see that the Helm values are correct:
$ helm get values istiod -n istio-system
USER-SUPPLIED VALUES:
meshConfig:
ingressSelector: istio-ingress
ingressService: istio-ingress
pilot:
env:
K8S_INGRESS_NS: istio-ingressThe Ingress resource should have an external IP address associated with it:
$ kubectl get ingress -A
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
default httpbin istio httpbin.example.com 192.168.0.21 80 7sNote: If there is no external IP, the field is blank, then the Ingress resource has not been implemented upon a gateway.
Conclusion
As you can see from the above, the default Istio installation relies upon several distinct, default configuration values which are correct when deploying with the supplied istioctl profiles. When Helm is used to deploy, specific configuration away from those defaults is much easier. You should now have enough information to be able to find and alter those default values.
Adrian Steer 
