0

About two year ago i installed a k8s cluster and added Istio. Currently i can’t remember how i installed it (operator or using istioctl). At this moment when i ask for the version i get:

./bin/istioctl version
client version: 1.11.3
control plane version: 1.11.3
data plane version: 1.11.3 (352 proxies)

I have the following namespaces related to istio:

kubectl get ns | grep istio
istio-operator        Active   726d
istio-system          Active   726d

iside our gitops i have an IstioOperator yaml:

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: istiocontrolplane
  namespace: istio-system
spec:
  profile: default
  meshConfig:
    accessLogFile: /dev/stdout
    extensionProviders: # https://istio.io/v1.9/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-ExtensionProvider-EnvoyExternalAuthorizationHttpProvider
      - name: xxxx
        envoyExtAuthzHttp:
          service: oauth2-proxy-xxxx.keycloak.svc.cluster.local
          port: 4180
          includeHeadersInCheck:
            - authorization
            - cookie
          headersToUpstreamOnAllow:
            - authorization
            - path
            - cookie
            - x-auth-request-access-token
            - x-auth-request-user
            - x-auth-request-email
          headersToDownstreamOnDeny:
            - content-type
            - set-cookie
  components:
    ingressGateways:
      - name: istio-ingressgateway
        k8s:
          hpaSpec:
            minReplicas: 2
          service:
            type: NodePort
            ports:
              - name: http2
                nodePort: 32080
                port: 80
                protocol: TCP
                targetPort: 8080
              - name: https
                nodePort: 32443
                port: 443
                protocol: TCP
                targetPort: 8443
    pilot:
      k8s:
        hpaSpec:
          minReplicas: 2

Inside the istio-operator i have the following items (mited the replicaset and services)

k -n istio-operator get all
NAME                                         READY   STATUS    RESTARTS       AGE
pod/istio-operator-1-12-5-65c9f7bf96-qcdsc   1/1     Running   0              15m
pod/istio-operator-1-14-1-9874cfdcb-bwtwg    1/1     Running   3 (51d ago)    83d
pod/istio-operator-58dc7d74f5-pbkcs          1/1     Running   48 (48d ago)   83d

NAME                                    READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/istio-operator          1/1     1            1           726d
deployment.apps/istio-operator-1-12-5   1/1     1            1           15m
deployment.apps/istio-operator-1-14-1   1/1     1            1           146d

Inside istio-system i have the following deployments:

NAME                   READY   UP-TO-DATE   AVAILABLE   AGE    CONTAINERS    IMAGES                           SELECTOR
istio-ingressgateway   2/2     2            2           726d   istio-proxy   docker.io/istio/proxyv2:1.11.3   app=istio-ingressgateway,istio=ingressgateway
istiod                 2/2     2            2           726d   discovery

I want to clean this mess up and move to version 14.1 (our k8s version is v1.22.13)

So my questions;

  • what method of installation did i follow (or did i mix them through the last years)
  • how to clean and remove the older versions.
  • actually any tips that can help me "clean" this mess i created

p.s. I am using custom EnvoyFilter for oauth2 and for redirecting (using lua)

jen
  • 357
  • 2
  • 10
  • 1
    Can you refer to this [SO](https://stackoverflow.com/questions/54261468/) and Let me know if this resolves your issue. – Hemanth Kumar Jan 23 '23 at 09:20
  • @hemanth-kumar you mean to uninstall and install again? What about the existing objects, will they be recreated once i reinstall (this is a prod environment) – jen Jan 23 '23 at 09:52
  • 1
    If you uninstall and reinstall Istio, any resources that were created when Istio was initially installed will be deleted and will not be recreated. This includes Kubernetes objects such as Services, Deployments, ConfigMaps, and Secrets. In addition, any custom configurations or settings that were created for Istio will be lost, and will need to be re-created when Istio is reinstalled. For this reason, it is important to back up any configurations or settings before uninstalling Istio in a production environment. – Hemanth Kumar Jan 23 '23 at 10:17
  • We are using gitops (flux) so things will get recreated. Is the recommended install helm or using istioctl with a custom `IstioOperator` (https://istio.io/latest/docs/setup/additional-setup/customize-installation/) – jen Jan 23 '23 at 10:26
  • 1
    The recommended way to install Istio is to use istioctl with a custom IstioOperator. This allows you to configure the control plane as well as manage the Istio installation in a declarative way. – Hemanth Kumar Jan 23 '23 at 11:20

1 Answers1

1

Can you refer to this SO and If you uninstall and reinstall Istio, any resources that were created when Istio was initially installed will be deleted and will not be recreated. This includes Kubernetes objects such as Services, Deployments, ConfigMaps, and Secrets. In addition, any custom configurations or settings that were created for Istio will be lost, and will need to be re-created when Istio is reinstalled. For this reason, it is important to back up any configurations or settings before uninstalling Istio in a production environment.

The recommended way to install Istio is to use istioctl with a custom IstioOperator. This allows you to configure the control plane as well as manage the Istio installation in a declarative way.

Hemanth Kumar
  • 2,728
  • 1
  • 4
  • 19
  • We are using gitops, don't you think helm would be better? – jen Jan 24 '23 at 08:40
  • You can also use Helm, but Istio has more capabilities, and you need to know how to use helm charts with Helm. According to this [document](https://www.solo.io/blog/3-most-common-ways-install-istio/), Helm charts work well with CI/CD pipelines and GitOps. – Hemanth Kumar Jan 24 '23 at 11:07
  • Have purged Istio and moved to Helm successfully. – jen Jan 29 '23 at 09:36