Istio + Helm + Tiller Instalation - How to secure everything?


I have K8s installed in a 3 nodes cluster. I want to install Istio in a secure way. My question is: When installing Istio via Helm (as recommended in the docs) do I need to install Helm securely (RABC and TSL/SSL) as recommended in the Docs?

The reason for this question is the conflicting information between the two documentations. The Istio docs say only to do a simple helm init --service-account tiller. However in the Helm documentations it is recommended to go through all the security of Helm. In other words: Does Istio covers Helm insecure installation?

-- Guilherme Uzeda

1 Answer


According to the Documentation about deploying Istio via Helm chart, the implementation steps won’t cover any security configuration to your Tiller service by default. Therefore, if you consider using a cluster with no concerns to the development environment the best solution would be applying Security configuration to Helm chart.

In general, Istio security implementation covers three concepts: Authentication policies, Mutual TLS authentication and Authorization policy.

Basically, Istio mesh installation via Helm chart enables Mutual TLS authentication by default with the existing parameter global.mtls.enabled in Helm template.

-- mk_sta
Source: StackOverflow