How are you all deploying `istio` within `k8s` using `pulumi

Question

How are you all deploying `istio` within `k8s` using `pulumi` Especially with the new recommended way of using `istioctl` over `helm` `Istio` and `helm` don t work very well together IMO

chilly-photographer-60932 · Answer

< gorgeous egg 16927> Do you have any thoughts

chilly-photographer-60932 · Answer

cc < incalculable angle 91273>

millions-judge-24978 · Answer

I ve had good luck recently with the operator <https istio io operator yaml> with `k8s yaml ConfigGroup` then just create the `k8s apiextensions CustomResource`

millions-judge-24978 · Answer

You could even translate the `operator yaml` into native pulumi it s only a few resources

chilly-photographer-60932 · Answer

We see it is <https istio io docs setup install standalone operator > experimental

chilly-photographer-60932 · Answer

We are not comfortable with experimental tool for managing our production workloads

millions-judge-24978 · Answer

Fair although I m not sure `istioctl` or any of the installation methods could be described as much better

gorgeous-egg-16927 · Answer

I have no experience with production Istio deployments but I m generally a bit leery of using yet another standalone tool to manage k8s resources It looks like you can use `istioctl` to generate manifests 1 so that could be an option for deploying with Pulumi In other words run `istioctl manifest generate ` and then manage the output in Pulumi with a `k8s yaml ConfigGroup` 1 <https istio io docs setup install istioctl generate a manifest before installation>

gorgeous-egg-16927 · Answer

I strongly prefer working with the resource definitions directly either YAML manifests or native Pulumi code because it s much clearer when things change and how to fix when something breaks