Istio + Helm + Tiller Installation - How to secure everything?

10/17/2018

I have K8s installed in a 3-node cluster. I want to install Istio in a secure way. My question is: when installing Istio via Helm (as recommended in the docs), do I need to install Helm securely (RBAC and TLS/SSL) as recommended in the docs?

The reason for this question is the conflicting information between the two sets of documentation. The Istio docs say only to do a simple helm init --service-account tiller. However, the Helm documentation recommends going through all of Helm's security setup. In other words: does Istio cover an insecure Helm installation?

-- Guilherme Uzeda
istio
kubernetes
kubernetes-helm

1 Answer

10/18/2018

According to the documentation about deploying Istio via Helm chart, the implementation steps won't cover any security configuration for your Tiller service by default. Therefore, if you consider using a cluster with no concerns to the development environment, the best solution would be applying security configuration to the Helm chart.

In general, Istio security implementation covers three concepts: Authentication policies, Mutual TLS authentication and Authorization policy.

Basically, Istio mesh installation via Helm chart enables Mutual TLS authentication by default with the existing parameter global.mtls.enabled in the Helm template.

-- mk_sta
Source: StackOverflow
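
The thread contrasts the plain helm init --service-account tiller with the TLS-secured Tiller setup the Helm documentation recommends. The script below is an added example, not part of the original question or answer and not taken from either project: it builds a private CA plus Tiller and client certificates with openssl, checks the chain, and prints the matching Helm 2 init command. The directory layout, file names, CNs, key size and validity period are assumptions.

```bash
#!/usr/bin/env bash
# Added example: TLS material for a Helm 2 Tiller and the matching `helm init` line.
# File names, CNs, RSA-2048 and the 365-day lifetime are assumptions for illustration.

# Create a private CA and issue one certificate each for Tiller and the Helm client.
gen_tiller_pki() {
  local dir=$1 name
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=tiller-ca" \
    -keyout "$dir/ca.key.pem" -out "$dir/ca.cert.pem" 2>/dev/null || return 1
  for name in tiller helm; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
      -keyout "$dir/$name.key.pem" -out "$dir/$name.csr.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/$name.csr.pem" -days 365 \
      -CA "$dir/ca.cert.pem" -CAkey "$dir/ca.key.pem" -CAcreateserial \
      -out "$dir/$name.cert.pem" 2>/dev/null || return 1
  done
  chmod 600 "$dir"/*.key.pem
}

# Succeeds only if both leaf certificates chain to the CA that Tiller will trust.
verify_tiller_pki() {
  local dir=$1
  openssl verify -CAfile "$dir/ca.cert.pem" \
    "$dir/tiller.cert.pem" "$dir/helm.cert.pem" >/dev/null 2>&1
}

# Print the TLS-enabled counterpart of `helm init --service-account tiller`.
# --tiller-tls-verify makes Tiller reject clients without a certificate from this CA;
# the --override stores release data in Secrets instead of ConfigMaps.
tiller_init_cmd() {
  local dir=$1
  printf '%s ' helm init --service-account tiller \
    --tiller-tls --tiller-tls-verify \
    --tiller-tls-cert "$dir/tiller.cert.pem" \
    --tiller-tls-key "$dir/tiller.key.pem" \
    --tls-ca-cert "$dir/ca.cert.pem" \
    --override "'spec.template.spec.containers[0].command'='{/tiller,--storage=secret}'"
  echo
}

# Usage: ./tiller-pki.sh ./tiller-pki   (prints the command rather than running it)
if [ -n "${1:-}" ]; then
  gen_tiller_pki "$1" && verify_tiller_pki "$1" && tiller_init_cmd "$1"
fi
```

Once Tiller runs with these options, every Helm client command, including the Istio chart install, needs --tls and the client certificate, key and CA available to the Helm client.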