-
Notifications
You must be signed in to change notification settings - Fork 119
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump istioctl #1331
base: main
Are you sure you want to change the base?
Bump istioctl #1331
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/test check-provision-k8s-1.29 |
@aerosouund thanks for taking a crack at this! I am very keen to get this in. Do you need any help? The current version we are using is very old, and is not compatible with kubevirt/kubevirt#13422. The istio sidecar injection code is somehow stealing the cc @EdDev |
@mhenriks |
On inspecting the cluster post running [vagrant@node01 ~]$ sudo kubectl --kubeconfig=/etc/kubernetes/admin.conf api-resources | grep istio
wasmplugins extensions.istio.io/v1alpha1 true WasmPlugin
destinationrules dr networking.istio.io/v1 true DestinationRule
envoyfilters networking.istio.io/v1alpha3 true EnvoyFilter
gateways gw networking.istio.io/v1 true Gateway
proxyconfigs networking.istio.io/v1beta1 true ProxyConfig
serviceentries se networking.istio.io/v1 true ServiceEntry
sidecars networking.istio.io/v1 true Sidecar
virtualservices vs networking.istio.io/v1 true VirtualService
workloadentries we networking.istio.io/v1 true WorkloadEntry
workloadgroups wg networking.istio.io/v1 true WorkloadGroup
authorizationpolicies ap security.istio.io/v1 true AuthorizationPolicy
peerauthentications pa security.istio.io/v1 true PeerAuthentication
requestauthentications ra security.istio.io/v1 true RequestAuthentication
telemetries telemetry telemetry.istio.io/v1 true Telemetry With that said, the yaml files we use to install the operator will no longer work ( [vagrant@node01 ~]$ sudo kubectl --kubeconfig=/etc/kubernetes/admin.conf get pods -A | grep istio
istio-operator istio-operator-6c4fc4d784-2qqff 1/1 Running 0 2m50s
istio-system istio-egressgateway-79c995f7cb-w4ppg 1/1 Running 0 88s
istio-system istio-ingressgateway-775fdbc456-qq5cn 1/1 Running 0 88s
istio-system istiod-5857496459-cnz5t 1/1 Running 0 92s
kube-system istio-cni-node-l99td 1/1 Running 0 88s After the upgrade, you only get [vagrant@node01 ~]$ sudo kubectl --kubeconfig=/etc/kubernetes/admin.conf get pods -A | grep istio
istio-system istio-ingressgateway-5f9df778cc-bl9sw 1/1 Running 0 33m
istio-system istiod-69d6bb74c-z6fqk 1/1 Running 0 34m So we need to know how to get the same as what we had before in the previous version using 1.24. I might need help from the network team on this |
Alternatively, we may not jump to 1.24. Maybe a lesser version that still behaves similar to 1.15 and has the things you want supported. |
I am not familiar at all with Istio tbh, and currently on few other tasks, |
@oshoval
|
the first two need deeper understanding that i dont have now sorry, |
@mhenriks |
1.20 is the oldest version that supports 1.29 (SideCar featuregate enabled) so that would be the minimum. But obviously latest would be best https://istio.io/latest/docs/releases/supported-releases/#support-status-of-istio-releases |
It seem we dont use in in e2e tests, we do use ingress-gateway though Istio API
From what I remember Istio operator account for deploying its CNI, we have no dedicated scripting for doing that.
Please note kubevirt e2e tests relays on the sidecar injection functionally. I suggest to test this PR on kubevirt/kubevirt on sig-network lane so we can see where it fails and realize what our options. |
Signed-off-by: aerosouund <[email protected]>
Signed-off-by: aerosouund <[email protected]>
Signed-off-by: aerosouund <[email protected]>
Signed-off-by: aerosouund <[email protected]>
Signed-off-by: aerosouund <[email protected]>
Signed-off-by: aerosouund <[email protected]>
Signed-off-by: aerosouund <[email protected]>
…er privileges are needed Signed-off-by: aerosouund <[email protected]>
Signed-off-by: aerosouund <[email protected]>
Signed-off-by: aerosouund <[email protected]>
…onset in a separate thread Signed-off-by: aerosouund <[email protected]>
Signed-off-by: aerosouund <[email protected]>
…on it Signed-off-by: aerosouund <[email protected]>
14a6949
to
ac32724
Compare
Signed-off-by: aerosouund <[email protected]>
/test all |
@@ -14,6 +14,9 @@ quay.io/kubevirt/cdi-apiserver:v1.58.1 | |||
quay.io/kubevirt/cdi-controller:v1.58.1 | |||
quay.io/kubevirt/cdi-operator:v1.58.1 | |||
quay.io/kubevirt/cdi-uploadproxy:v1.58.1 | |||
docker.io/istio/install-cni:1.24.1 | |||
docker.io/istio/pilot:1.24.1 | |||
docker.io/istio/proxyv2:1.24.1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I need to get these images copied over to our quay account so that we don't hit any docker io limits
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The older images at the top of the file can be removed
quay.io/kubevirtci/install-cni:1.15.0
quay.io/kubevirtci/operator:1.15.0
quay.io/kubevirtci/pilot:1.15.0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Asking to understand: @brianmcarey from what I know we have container image cache on CI, is it correct?
Is so, do we still need mirroring if we have cache?
Signed-off-by: aerosouund <[email protected]>
@brianmcarey PHASES="$PHASES_DEFAULT" We can merge it as it is and then i will submit a tiny PR that reverts this change so we can go back to running the k8s phase in CI only |
/retest-required |
@aerosouund: The following tests failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
What this PR does / why we need it:
Bump Istio to the latest stable release
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):Fixes #1324
Checklist
This checklist is not enforcing, but it's a reminder of items that could be relevant to every PR.
Approvers are expected to review this list.