Add helm installation steps for multi-cluster

content/en/docs/setup/install/multicluster/before-you-begin/index.md

@@ -95,6 +95,11 @@ Choose the installation that best fits your needs:
 
 - [Install Primary-Remote on Different Networks](/docs/setup/install/multicluster/primary-remote_multi-network)
 
+{{< tip >}}
+If you plan on installing Istio multi-cluster using Helm, follow the
+[Helm prerequisites](/docs/setup/install/helm/#prerequisites) in the Helm install guide first.
+{{< /tip >}}
+
 {{< tip >}}
 For meshes that span more than two clusters, you may need to use more than
 one of these options. For example, you may have a primary cluster per region

content/en/docs/setup/install/multicluster/common.sh

@@ -71,27 +71,27 @@ function configure_trust
   popd || exit # Return to the previous directory.
 }
 
-# cleanup removes all resources created by the tests.
-function cleanup
+# cleanup_istioctl removes all resources created by the tests with istioctl.
+function cleanup_istioctl
 {
   # Remove temp files.
   rm -f cluster1.yaml cluster2.yaml certs
 
   # Cleanup both clusters concurrently
-  cleanup_cluster1 &
-  cleanup_cluster2 &
+  cleanup_cluster1_istioctl &
+  cleanup_cluster2_istioctl &
   wait
 }
 
-# cleanup_cluster1 removes the istio-system and sample namespaces on CLUSTER1.
-function cleanup_cluster1
+# cleanup_cluster1_istioctl removes the istio-system and sample namespaces on CLUSTER1 with istioctl.
+function cleanup_cluster1_istioctl
 {
   echo y | istioctl uninstall --revision=default --context="${CTX_CLUSTER1}"
   kubectl delete ns istio-system sample --context="${CTX_CLUSTER1}" --ignore-not-found
 }
 
-# cleanup_cluster2 removes the istio-system and sample namespaces on CLUSTER2.
-function cleanup_cluster2
+# cleanup_cluster2_istioctl removes the istio-system and sample namespaces on CLUSTER2 with istioctl.
+function cleanup_cluster2_istioctl
 {
   echo y | istioctl uninstall --revision=default --context="${CTX_CLUSTER2}"
   kubectl delete ns istio-system sample --context="${CTX_CLUSTER2}" --ignore-not-found
@@ -148,3 +148,43 @@ function verify_load_balancing
   _verify_contains snip_verifying_crosscluster_traffic_3 "$EXPECTED_RESPONSE_FROM_CLUSTER1"
   _verify_contains snip_verifying_crosscluster_traffic_3 "$EXPECTED_RESPONSE_FROM_CLUSTER2"
 }
+
+# For Helm multi-cluster installation steps
+
+function create_istio_system_ns
+{
+  snip_create_istio_system_namespace_cluster_1
+  snip_create_istio_system_namespace_cluster_2
+}
+
+function setup_helm_repo
+{
+  snip_setup_helm_repo_cluster_1
+  snip_setup_helm_repo_cluster_2
+}
+
+snip_create_istio_system_namespace_cluster_1() {
+kubectl create namespace istio-system --context "${CTX_CLUSTER1}"
+}
+
+snip_create_istio_system_namespace_cluster_2() {
+kubectl create namespace istio-system --context "${CTX_CLUSTER2}"
+}
+
+snip_setup_helm_repo_cluster_1() {
+helm repo add istio https://istio-release.storage.googleapis.com/charts --kube-context "${CTX_CLUSTER1}"
+helm repo update --kube-context "${CTX_CLUSTER1}"
+}
+
+snip_setup_helm_repo_cluster_2() {
+helm repo add istio https://istio-release.storage.googleapis.com/charts --kube-context "${CTX_CLUSTER2}"
+helm repo update --kube-context "${CTX_CLUSTER2}"
+}
+
+snip_delete_sample_ns_cluster_1() {
+kubectl delete namespace sample --context "${CTX_CLUSTER1}"
+}
+
+snip_delete_sample_ns_cluster_2() {
+kubectl delete namespace sample --context "${CTX_CLUSTER2}"
+}

content/en/docs/setup/install/multicluster/multi-primary/helm_test.sh

@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC1090,SC2154
+
+# Copyright Istio Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# @setup multicluster
+
+set -e
+set -u
+set -o pipefail
+
+source content/en/docs/setup/install/multicluster/common.sh
+set_single_network_vars
+setup_helm_repo
+
+function install_istio_helm {
+  # Install Istio on the 2 clusters. Executing in
+  # parallel to reduce test time.
+  install_istio_on_cluster1_helm &
+  install_istio_on_cluster2_helm &
+  wait
+}
+
+function install_istio_on_cluster1_helm {
+    echo "Installing Istio on Primary cluster: ${CTX_CLUSTER1}"
+    snip_configure_cluster1_as_a_primary_3
+    snip_configure_cluster1_as_a_primary_4
+}
+
+function install_istio_on_cluster2_helm {
+    echo "Installing Istio on Primary cluster: ${CTX_CLUSTER2}"
+    snip_configure_cluster2_as_a_primary_3
+    snip_configure_cluster2_as_a_primary_4
+}
+
+function enable_endpoint_discovery {
+  snip_enable_endpoint_discovery_1
+  snip_enable_endpoint_discovery_2
+}
+
+time configure_trust
+time install_istio_helm
+time enable_endpoint_discovery
+time verify_load_balancing
+
+# @cleanup
+source content/en/docs/setup/install/multicluster/common.sh
+set_single_network_vars
+
+function cleanup_cluster1_helm {
+  snip_cleanup_3
+  snip_cleanup_4
+  snip_delete_sample_ns_cluster_1
+}
+
+function cleanup_cluster2_helm {
+  snip_cleanup_5
+  snip_cleanup_6
+  snip_delete_sample_ns_cluster_2
+}
+
+function cleanup_helm {
+  cleanup_cluster1_helm
+  cleanup_cluster2_helm
+  snip_delete_crds
+}
+
+time cleanup_helm
+
+# Everything should be removed once cleanup completes. Use a small
+# timeout for comparing cluster snapshots before/after the test.
+export VERIFY_TIMEOUT=20

content/en/docs/setup/install/multicluster/multi-primary/index.md

@@ -26,7 +26,13 @@ Service workloads communicate directly (pod-to-pod) across cluster boundaries.
 
 ## Configure `cluster1` as a primary
 
-Create the Istio configuration for `cluster1`:
+Create the `istioctl` configuration for `cluster1`:
+
+{{< tabset category-name="multicluster-install-type-cluster-1" >}}
+
+{{< tab name="IstioOperator" category-value="iop" >}}
+
+Install Istio as primary in `cluster1` using istioctl and the `IstioOperator` API.
 
 {{< text bash >}}
 $ cat <<EOF > cluster1.yaml
@@ -48,9 +54,36 @@ Apply the configuration to `cluster1`:
 $ istioctl install --context="${CTX_CLUSTER1}" -f cluster1.yaml
 {{< /text >}}
 
+{{< /tab >}}
+{{< tab name="Helm" category-value="helm" >}}
+
+Install Istio as primary in `cluster1` using the following Helm commands:
+
+Install the `base` chart in `cluster1`:
+
+{{< text bash >}}
+$ helm install istio-base istio/base -n istio-system --kube-context "${CTX_CLUSTER1}"
+{{< /text >}}
+
+Then, install the `istiod` chart in `cluster1` with the following multi-cluster settings:
+
+{{< text bash >}}
+$ helm install istiod istio/istiod -n istio-system --kube-context "${CTX_CLUSTER1}" --set global.meshID=mesh1 --set global.multiCluster.clusterName=cluster1 --set global.network=network1
+{{< /text >}}
+
+{{< /tab >}}
+
+{{< /tabset >}}
+
 ## Configure `cluster2` as a primary
 
-Create the Istio configuration for `cluster2`:
+Create the `istioctl` configuration for `cluster2`:
+
+{{< tabset category-name="multicluster-install-type-cluster-2" >}}
+
+{{< tab name="IstioOperator" category-value="iop" >}}
+
+Install Istio as primary in `cluster2` using istioctl and the `IstioOperator` API.
 
 {{< text bash >}}
 $ cat <<EOF > cluster2.yaml
@@ -72,6 +105,27 @@ Apply the configuration to `cluster2`:
 $ istioctl install --context="${CTX_CLUSTER2}" -f cluster2.yaml
 {{< /text >}}
 
+{{< /tab >}}
+{{< tab name="Helm" category-value="helm" >}}
+
+Install Istio as primary in `cluster2` using the following Helm commands:
+
+Install the `base` chart in `cluster2`:
+
+{{< text bash >}}
+$ helm install istio-base istio/base -n istio-system --kube-context "${CTX_CLUSTER2}"
+{{< /text >}}
+
+Then, install the `istiod` chart in `cluster2` with the following multi-cluster settings:
+
+{{< text bash >}}
+$ helm install istiod istio/istiod -n istio-system --kube-context "${CTX_CLUSTER2}" --set global.meshID=mesh1 --set global.multiCluster.clusterName=cluster2 --set global.network=network1
+{{< /text >}}
+
+{{< /tab >}}
+
+{{< /tabset >}}
+
 ## Enable Endpoint Discovery
 
 Install a remote secret in `cluster2` that provides access to `cluster1`’s API server.
@@ -101,16 +155,66 @@ You can now [verify the installation](/docs/setup/install/multicluster/verify).
 
 ## Cleanup
 
-1. Uninstall Istio in `cluster1`:
+Uninstall Istio from both `cluster1` and `cluster2` using the same mechanism you installed Istio with (istioctl or Helm).
+
+{{< tabset category-name="multicluster-uninstall-type-cluster-1" >}}
+
+{{< tab name="IstioOperator" category-value="iop" >}}
+
+Uninstall Istio in `cluster1`:
+
+{{< text syntax=bash snip_id=none >}}
+$ istioctl uninstall --context="${CTX_CLUSTER1}" -y --purge
+$ kubectl delete ns istio-system --context="${CTX_CLUSTER1}"
+{{< /text >}}
+
+Uninstall Istio in `cluster2`:
+
+{{< text syntax=bash snip_id=none >}}
+$ istioctl uninstall --context="${CTX_CLUSTER2}" -y --purge
+$ kubectl delete ns istio-system --context="${CTX_CLUSTER2}"
+{{< /text >}}
+
+{{< /tab >}}
 
-    {{< text syntax=bash snip_id=none >}}
-    $ istioctl uninstall --context="${CTX_CLUSTER1}" -y --purge
-    $ kubectl delete ns istio-system --context="${CTX_CLUSTER1}"
-    {{< /text >}}
+{{< tab name="Helm" category-value="helm" >}}
+
+Delete Istio Helm installation from `cluster1`:
+
+{{< text syntax=bash >}}
+$ helm delete istiod -n istio-system --kube-context "${CTX_CLUSTER1}"
+$ helm delete istio-base -n istio-system --kube-context "${CTX_CLUSTER1}"
+{{< /text >}}
+
+Delete the `istio-system` namespace from `cluster1`:
+
+{{< text syntax=bash >}}
+$ kubectl delete ns istio-system --context="${CTX_CLUSTER1}"
+{{< /text >}}
+
+Delete Istio Helm installation from `cluster2`:
+
+{{< text syntax=bash >}}
+$ helm delete istiod -n istio-system --kube-context "${CTX_CLUSTER2}"
+$ helm delete istio-base -n istio-system --kube-context "${CTX_CLUSTER2}"
+{{< /text >}}
+
+Delete the `istio-system` namespace from `cluster2`:
+
+{{< text syntax=bash >}}
+$ kubectl delete ns istio-system --context="${CTX_CLUSTER2}"
+{{< /text >}}
+
+(Optional) Delete CRDs installed by Istio:
+
+Deleting CRDs permanently removes any Istio resources you have created in your clusters.
+Delete Istio CRDs installed in your clusters by running:
+
+{{< text syntax=bash snip_id=delete_crds >}}
+$ kubectl get crd -oname --context "${CTX_CLUSTER1}" | grep --color=never 'istio.io' | xargs kubectl delete --context "${CTX_CLUSTER1}"
+$ kubectl get crd -oname --context "${CTX_CLUSTER2}" | grep --color=never 'istio.io' | xargs kubectl delete --context "${CTX_CLUSTER2}"
+{{< /text >}}
 
-1. Uninstall Istio in `cluster2`:
+{{< /tab >}}
 
-    {{< text syntax=bash snip_id=none >}}
-    $ istioctl uninstall --context="${CTX_CLUSTER2}" -y --purge
-    $ kubectl delete ns istio-system --context="${CTX_CLUSTER2}"
-    {{< /text >}}
+{{< /tabset >}}

content/en/docs/setup/install/multicluster/multi-primary/snips.sh

@@ -38,6 +38,14 @@ snip_configure_cluster1_as_a_primary_2() {
 istioctl install --context="${CTX_CLUSTER1}" -f cluster1.yaml
 }
 
+snip_configure_cluster1_as_a_primary_3() {
+helm install istio-base istio/base -n istio-system --kube-context "${CTX_CLUSTER1}"
+}
+
+snip_configure_cluster1_as_a_primary_4() {
+helm install istiod istio/istiod -n istio-system --kube-context "${CTX_CLUSTER1}" --set global.meshID=mesh1 --set global.multiCluster.clusterName=cluster1 --set global.network=network1
+}
+
 snip_configure_cluster2_as_a_primary_1() {
 cat <<EOF > cluster2.yaml
 apiVersion: install.istio.io/v1alpha1
@@ -56,6 +64,14 @@ snip_configure_cluster2_as_a_primary_2() {
 istioctl install --context="${CTX_CLUSTER2}" -f cluster2.yaml
 }
 
+snip_configure_cluster2_as_a_primary_3() {
+helm install istio-base istio/base -n istio-system --kube-context "${CTX_CLUSTER2}"
+}
+
+snip_configure_cluster2_as_a_primary_4() {
+helm install istiod istio/istiod -n istio-system --kube-context "${CTX_CLUSTER2}" --set global.meshID=mesh1 --set global.multiCluster.clusterName=cluster2 --set global.network=network1
+}
+
 snip_enable_endpoint_discovery_1() {
 istioctl create-remote-secret \
     --context="${CTX_CLUSTER1}" \
@@ -69,3 +85,26 @@ istioctl create-remote-secret \
     --name=cluster2 | \
     kubectl apply -f - --context="${CTX_CLUSTER1}"
 }
+
+snip_cleanup_3() {
+helm delete istiod -n istio-system --kube-context "${CTX_CLUSTER1}"
+helm delete istio-base -n istio-system --kube-context "${CTX_CLUSTER1}"
+}
+
+snip_cleanup_4() {
+kubectl delete ns istio-system --context="${CTX_CLUSTER1}"
+}
+
+snip_cleanup_5() {
+helm delete istiod -n istio-system --kube-context "${CTX_CLUSTER2}"
+helm delete istio-base -n istio-system --kube-context "${CTX_CLUSTER2}"
+}
+
+snip_cleanup_6() {
+kubectl delete ns istio-system --context="${CTX_CLUSTER2}"
+}
+
+snip_delete_crds() {
+kubectl get crd -oname --context "${CTX_CLUSTER1}" | grep --color=never 'istio.io' | xargs kubectl delete --context "${CTX_CLUSTER1}"
+kubectl get crd -oname --context "${CTX_CLUSTER2}" | grep --color=never 'istio.io' | xargs kubectl delete --context "${CTX_CLUSTER2}"
+}