From dd14d06178105bec83f52e9c416db5a38d9e7dd6 Mon Sep 17 00:00:00 2001
From: Steven Dake <stdake@cisco.com>
Date: Thu, 18 Jan 2018 11:40:53 -0700
Subject: [PATCH] Add documentation for Helm deployment

This adds documentation along with related configuration options for
deploying Istio with the Helm charts.
---
 _docs/setup/kubernetes/helm.md        | 75 +++++++++++++++++++++++++++
 _docs/setup/kubernetes/quick-start.md |  3 +-
 2 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 _docs/setup/kubernetes/helm.md

diff --git a/_docs/setup/kubernetes/helm.md b/_docs/setup/kubernetes/helm.md
new file mode 100644
index 0000000000000..2ac87df5e41ed
--- /dev/null
+++ b/_docs/setup/kubernetes/helm.md
@@ -0,0 +1,75 @@
+---
+title: Istio Helm Chart Instructions
+overview: Instructions for the setup and configuration of Istio using the Helm package manager.
+
+order: 10
+
+layout: docs
+type: markdown
+---
+
+{% include home.html %}
+
+Quick Start instructions for the setup and configuration of Istio using the Helm package manager.
+
+
+## Prerequisites
+
+The following instructions require you have access to Helm **2.7.2 or newer** in your Kubernetes environment or 
+alternately the ability to modify RBAC rules required to install Helm.  Additionally Kubernetes **1.7.3 or newer**
+is also required.
+
+## Deploy with Helm
+
+1. If a service account has not already been installed for Helm, please install one:
+  ```bash
+  kubectl create -f install/kubernetes/helm-service-account.yaml
+  ```
+
+1. Initialize Helm:
+  ```bash
+  helm init --service-account tiller
+  ```
+
+1. Create the Helm chart:
+  ```bash
+  helm install install/kuberenetes/istio --name istio
+  ```
+
+## Customization with Helm
+
+The Helm chart ships with reasonable defaults.  There may be circumstances in which defaults require overrides.
+To override Helm values, use `--set key=value` argument during the `helm install` command.  Multiple `--set` operations
+may be used in the same Helm operation.
+
+Helm Charts expose configuration options which are currently in alpha.  The currently exposed options are explained in the
+following table:
+
+| Helm Variable                | Possible Values    | Default Value              | Purpose of Key                                 |
+|------------------------------|--------------------|----------------------------|------------------------------------------------|
+| global.namespace             | any Kubernetes ns  | istio-system               | Specifies the namespace for Istio              |
+| global.initializer.enabled   | true/false         | true                       | Specifies whether to use the Initializer       |
+| global.proxy.hub             | registry+namespace | release registry/namespace | Specifies the HUB for the proxy image          |
+| global.proxy.tag             | image tag          | release unique hash        | Specifies the TAG for the proxy image          |
+| global.proxy.debug           | true/false         | false                      | Specifies whether proxy is run in debug mode   |
+| global.pilot.hub             | registry+namespace | release registry/namespace | Specifies the HUB for the pilot image          |
+| global.pilot.tag             | image tag          | release unique hash        | Specifies the TAG for the pilot image          |
+| global.pilot.enabled         | true/false         | true                       | Specifies whether pilot is enabled/disabled     |
+| istio.ca.hub                 | registry+namespace | release registry/namespace | Specifies the HUB for the ca image             |
+| istio.ca.tag                 | image tag          | release unique hash        | Specifies the TAG for the ca image             |
+| global.security.enabled      | true/false         | false                      | Specifies whether security is enabled/disabled |
+| global.mixer.hub             | registry+namespace | release registry/namespace | Specifies the HUB for the mixer image          |
+| global.mixer.tag             | image tag          | release unique hash        | Specifies the TAG for the mixer image          |
+| global.mixer.enabled         | true/false         | true                       | Specifies whether mixer is enabled/disabled    |
+| global.hyperkube.hub         | registry+namesapce | quay.io/coreos/hyperkube   | Specifies the HUB for the hyperkube image      |
+| global.hyperkube.tag         | image tag          | v1.7.6_coreos.0            | Specifies the TAG for the hyperkube image      |
+| global.ingress.use_nodeport  | true/false         | false                      | Specifies whether to use nodeport or LB        |
+| global.ingress.nodeport_port | 32000-32767        | 32000                      | If nodeport is used, specifies its port        |
+
+## Uninstalling
+
+* Uninstall Istio:
+
+  ```bash
+  helm delete --purge istio
+  ```
diff --git a/_docs/setup/kubernetes/quick-start.md b/_docs/setup/kubernetes/quick-start.md
index 29abed422bdca..050502dce528e 100644
--- a/_docs/setup/kubernetes/quick-start.md
+++ b/_docs/setup/kubernetes/quick-start.md
@@ -101,7 +101,8 @@ cd istio-{{ site.data.istio.version }}
 export PATH=$PWD/bin:$PATH
 ```
 
-1. Install Istio's core components. Choose one of the two _**mutually exclusive**_ options below:
+1. Install Istio's core components. Choose one of the two _**mutually exclusive**_ options below or alternately install
+   with the alpha-quality [Helm Chart]({{home}}/docs/setup/kubernetes/helm.html):
 
   a) Install Istio without enabling [mutual TLS authentication]({{home}}/docs/concepts/security/mutual-tls.html) between sidecars.
        Choose this option for clusters with existing applications, applications where services with an