Reputation: 236
Istio + Helm + Tiller Instalation - How to secure everything?
I have K8s installed in a 3 nodes cluster. I want to install Istio in a secure way. My question is: When installing Istio via Helm (as recommended in the docs) do I need to install Helm securely (RABC and TSL/SSL) as recommended in the Docs?
The reason for this question is the conflicting information between the two documentations. The Istio docs say only to do a simple helm init --service-account tiller. However in the Helm documentations it is recommended to go through all the security of Helm. In other words: Does Istio covers Helm insecure installation?
Upvotes: 0
Views: 245
Answers (1)
Reputation: 5253
According to the Documentation about deploying Istio via Helm chart, the implementation steps won’t cover any security configuration to your Tiller service by default. Therefore, if you consider using a cluster with no concerns to the development environment the best solution would be applying Security configuration to Helm chart.
In general, Istio security implementation covers three concepts: Authentication policies, Mutual TLS authentication and Authorization policy.
Basically, Istio mesh installation via Helm chart enables Mutual TLS authentication by default with the existing parameter global.mtls.enabled in Helm template.
Upvotes: 1
Related Questions
- Simple Getting Started Istio Helm Install
- Setting up on ISTIO on EKS cluster using Terraform or Helm
- Helm best practices
- Istio Service Mesh Security with AuthorizationPolicy & RequestAuthentication
- Install Istio on EKS cluster using Terraform and Helm
- How to inject istio to deployments which are deployed using helm
- Is there any solution to deploy Istio in Kubernetes Cluster without Helm
- Pass Annotation (To create Private load balancer ) to helm while installing ISTIO on Azure Kubernetes service
- Setting up SSL between Helm and Tiller
- helm install istio returns forbidden error