Title
c

chilly-photographer-60932

02/19/2020, 11:58 PM
How are you all deploying
istio
within
k8s
using
pulumi
? Especially with the new recommended way of using
istioctl
over
helm
?
Istio
and
helm
don’t work very well together IMO.
@gorgeous-egg-16927 Do you have any thoughts?
cc @incalculable-angle-91273
m

millions-judge-24978

02/20/2020, 3:47 PM
I’ve had good luck recently with the operator. https://istio.io/operator.yaml with
k8s.yaml.ConfigGroup
, then just create the
k8s.apiextensions.CustomResource
You could even translate the
operator.yaml
into native pulumi, it’s only a few resources.
c

chilly-photographer-60932

02/20/2020, 5:19 PM
We are not comfortable with experimental tool for managing our production workloads
m

millions-judge-24978

02/20/2020, 5:26 PM
Fair, although I’m not sure
istioctl
or any of the installation methods could be described as much better
g

gorgeous-egg-16927

02/20/2020, 5:32 PM
I have no experience with production Istio deployments, but I’m generally a bit leery of using yet another standalone tool to manage k8s resources. It looks like you can use
istioctl
to generate manifests [1], so that could be an option for deploying with Pulumi. In other words, run
istioctl manifest generate ...
and then manage the output in Pulumi with a
k8s.yaml.ConfigGroup
. [1] https://istio.io/docs/setup/install/istioctl/#generate-a-manifest-before-installation
I strongly prefer working with the resource definitions directly (either YAML manifests, or native Pulumi code), because it’s much clearer when things change, and how to fix when something breaks.