Bloomberg and Tetrate partner on Envoy-powered AI Gateway.

Learn more about the collaboration › close
Tetrate Enterprise ready service mesh
Get Demo
Pricing
Home

|

Blog

|

How to Install and Configure Istio Ingress with Helm

How to Install and Configure Istio Ingress with Helm

| Author: Adrian Steer

Service Mesh Architecture

Article content

Install and Configure Istio Ingress with Helm

Introduction

This article offers an overview of the Helm install process and the IngressController implementations for Istio. Upon completing this tutorial, you should be able to deploy a complete, working Istio IngressController via Helm as per the Istio getting started documentation. Note: This article assumes Istio 1.20.1. See also Istio issue 46791 ›

Tetrate offers an enterprise-ready, 100% upstream distribution of Istio, Tetrate Istio Subscription (TIS). TIS is the easiest way to get started with Istio for production use cases. 
Get access now ›

Install Istio

The following changes the default installation documentation here. The documented process installs the Istio Gateway into a different location than is expected by the configuration.

Add the Istio helm repository:

helm repo add istio https://istio-release.storage.googleapis.com/charts

Create the namespace and install the base chart:

kubectl create ns istio-system
helm install istio-base istio/base -n istio-system

Install and configure istiod:

helm upgrade --install istiod istio/istiod -n istio-system \
  --set meshConfig.ingressSelector=istio-ingress \
  --set meshConfig.ingressService=istio-ingress \
  --set pilot.env.K8S_INGRESS_NS=istio-ingress

Note: The public documentation installs the gateway into a location that is not expected. Here we change those defaults to accommodate this. See the following:

Install the gateway as per the documentation:

kubectl create ns istio-ingress
helm install istio-ingress istio/gateway -n istio-ingress

Note:If the istiod installation has not been customized, the gateway should be installed as per below:

helm install istio-ingressgateway istio/gateway -n istio-system

IngressClass

The following defines the Istio IngressClass:

cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: istio
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
spec:
  controller: istio.io/ingress-controller
EOF

httpbin

The following installs the httpbin application:

kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/httpbin/httpbin.yaml

And create the Ingress resource:

cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: httpbin
spec:
  ingressClassName: istio
  rules:
  - host: httpbin.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: httpbin
            port:
              number: 8000
EOF

Validation

Check to see that the Helm values are correct:

$ helm get values istiod -n istio-system
USER-SUPPLIED VALUES:
meshConfig:
  ingressSelector: istio-ingress
  ingressService: istio-ingress
pilot:
  env:
    K8S_INGRESS_NS: istio-ingress

The Ingress resource should have an external IP address associated with it:

$ kubectl get ingress -A
NAMESPACE   NAME      CLASS   HOSTS                 ADDRESS        PORTS   AGE
default     httpbin   istio   httpbin.example.com   192.168.0.21   80      7s

Note: If there is no external IP, the field is blank, then the Ingress resource has not been implemented upon a gateway.

Conclusion

As you can see from the above, the default Istio installation relies upon several distinct, default configuration values which are correct when deploying with the supplied istioctl profiles. When Helm is used to deploy, specific configuration away from those defaults is much easier. You should now have enough information to be able to find and alter those default values.

###

If you’re new to service mesh, Tetrate has a bunch of free online courses available at Tetrate Academy that will quickly get you up to speed with Istio and Envoy.

Are you using Kubernetes? Tetrate Enterprise Gateway for Envoy (TEG) is the easiest way to get started with Envoy Gateway for production use cases. Get the power of Envoy Proxy in an easy-to-consume package managed by the Kubernetes Gateway API. Learn more ›

Getting started with Istio? If you’re looking for the surest way to get to production with Istio, check out Tetrate Istio Subscription. Tetrate Istio Subscription has everything you need to run Istio and Envoy in highly regulated and mission-critical production environments. It includes Tetrate Istio Distro, a 100% upstream distribution of Istio and Envoy that is FIPS-verified and FedRAMP ready. For teams requiring open source Istio and Envoy without proprietary vendor dependencies, Tetrate offers the ONLY 100% upstream Istio enterprise support offering.

Get a Demo

Let's Get In Touch

For more information or a demo request, just drop us a message.

Contact Us