Upgrade Notes of Istio (from v1.19 to v1.20)
2024年02月12日
This post focuses on the upgrade of Istio, from v1.19 to v1.20.
$ ISTIO_VER=1.20.2
$ LOCAL_ARCH=$(uname -m)
$ echo $LOCAL_ARCH
$ curl -kL https://istio.io/downloadIstio | ISTIO_VERSION=${ISTIO_VER} TARGET_ARCH=${LOCAL_ARCH} sh -
$ curl -kL https://istio.io/downloadIstioctl | ISTIO_VERSION=${ISTIO_VER} TARGET_ARCH=$(uname -m) sh -
2. Add the
$ sudo cp $HOME/.istioctl/bin/istioctl /usr/local/bin/
3. (optional) Enable the auto-completion option when working with a bash or Zsh console.
$ istioctl version
$ istioctl x precheck
$ cd istio-${ISTIO_VER}
$ vim manifests/charts/gateways/istio-ingress/values.yaml
$ istioctl install --set profile=demo --charts=./manifests/ \
> --set components.cni.enabled=true \
> --set components.cni.namespace=kube-system
$ istioctl proxy-status
If any pod's Istio version is not updated, force it update.
% k delete po -l app=example
$ istioctl proxy-status
[Update] Upgrade from Istio 1.20.2 to 1.20.3.
$ ISTIO_VER=1.20.3
$ LOCAL_ARCH=$(uname -m)
$ curl -kL https://istio.io/downloadIstio | ISTIO_VERSION=${ISTIO_VER} TARGET_ARCH=${LOCAL_ARCH} sh -
$ curl -kL https://istio.io/downloadIstioctl | ISTIO_VERSION=${ISTIO_VER} TARGET_ARCH=$(uname -m) sh -
$ sudo cp $HOME/.istioctl/bin/istioctl /usr/local/bin/
$ istioctl x precheck
$ cd istio-${ISTIO_VER}
$ vim manifests/charts/gateways/istio-ingress/values.yaml
$ istioctl install --set profile=demo --charts=./manifests/ \
> --set components.cni.enabled=true \
> --set components.cni.namespace=kube-system
Install with Istioctl
Using the Istioctl Command-line Tool
Background
The post Release Notes of Site Upgrades holds the catalog of the whole upgrade's note.This post focuses on the upgrade of Istio, from v1.19 to v1.20.
Prerequisites
Download the Istio Release
Go to the Istio release page to download the installation file for your OS, or download and extract the latest release automatically (Linux or macOS):$ ISTIO_VER=1.20.2
$ LOCAL_ARCH=$(uname -m)
$ echo $LOCAL_ARCH
aarch64
$ curl -kL https://istio.io/downloadIstio | ISTIO_VERSION=${ISTIO_VER} TARGET_ARCH=${LOCAL_ARCH} sh -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 101 100 101 0 0 505 0 --:--:-- --:--:-- --:--:-- 507
100 4899 100 4899 0 0 16340 0 --:--:-- --:--:-- --:--:-- 0
Downloading istio-1.20.2 from https://github.com/istio/istio/releases/download/1.20.2/istio-1.20.2-linux-arm64.tar.gz ...
Istio 1.20.2 Download Complete!
Istio has been successfully downloaded into the istio-1.20.2 folder on your system.
Next Steps:
See https://istio.io/latest/docs/setup/install/ to add Istio to your Kubernetes cluster.
To configure the istioctl client tool for your workstation,
add the /home/ec2-user/istio-1.20.2/bin directory to your environment path variable with:
export PATH="$PATH:/home/ec2-user/istio-1.20.2/bin"
Begin the Istio pre-installation check by running:
istioctl x precheck
Need more information? Visit https://istio.io/latest/docs/setup/install/
Install Istioctl
Install theistioctl binary with curl
1. Download the latest release$ curl -kL https://istio.io/downloadIstioctl | ISTIO_VERSION=${ISTIO_VER} TARGET_ARCH=$(uname -m) sh -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 95 100 95 0 0 489 0 --:--:-- --:--:-- --:--:-- 487
100 4628 100 4628 0 0 12610 0 --:--:-- --:--:-- --:--:-- 12610
Downloading istioctl-1.20.2 from https://github.com/istio/istio/releases/download/1.20.2/istioctl-1.20.2-linux-amd64.tar.gz ...
istioctl-1.20.2-linux-amd64.tar.gz download complete!
Add the istioctl to your path with:
export PATH=$HOME/.istioctl/bin:$PATH
Begin the Istio pre-installation check by running:
istioctl x precheck
Need more information? Visit https://istio.io/docs/reference/commands/istioctl/
2. Add the
istioctl client to the path that could be executed from command line.$ sudo cp $HOME/.istioctl/bin/istioctl /usr/local/bin/
3. (optional) Enable the auto-completion option when working with a bash or Zsh console.
$ istioctl version
client version: 1.20.2 control plane version: 1.20.2 data plane version: 1.19.5 (8 proxies), 1.20.2 (4 proxies)
Upgrade Istio
$ istioctl x precheck
✔ No issues found when checking the cluster. Istio is safe to install or upgrade! To get started, check out https://istio.io/latest/docs/setup/getting-started/
$ cd istio-${ISTIO_VER}
$ vim manifests/charts/gateways/istio-ingress/values.yaml
...
#serviceAnnotations: {}
# Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
ipFamilyPolicy: ""
ipFamilies: []
# To generate an internal load balancer:
# --set serviceAnnotations.cloud.google.com/load-balancer-type=internal
#serviceAnnotations:
# cloud.google.com/load-balancer-type: "internal"
serviceAnnotations:
service.beta.kubernetes.io/aws-load-balancer-type: "external"
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "instance"
service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
...
$ istioctl install --set profile=demo --charts=./manifests/ \
> --set components.cni.enabled=true \
> --set components.cni.namespace=kube-system
istioctl install --set profile=demo --charts=./manifests/ \ --set components.cni.enabled=true \ --set components.cni.namespace=kube-system
This will install the Istio 1.20.2 "demo" profile (with components: Istio core, Istiod, CNI, Ingress gateways, and Egress gateways) into the cluster. Proceed? (y/N) y ✔ Istio core installed ✔ Istiod installed ✔ Egress gateways installed ✔ Ingress gateways installed ✔ CNI installed ✔ Installation completeMade this installation the default for injection and validation.
$ istioctl proxy-status
NAME CLUSTER CDS LDS EDS RDS ECDS ISTIOD VERSION activator-bfb97979b-zgrzk.knative-serving Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-fz666 1.19.5 autoscaler-847ccf69d8-6sw79.knative-serving Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-fz666 1.19.5 example-64d596b7f8-76lh6.xxxx Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-lzfvl 1.19.5 controller-5d86fbf4c8-5r2jl.knative-serving Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-tlslb 1.19.5 domainmapping-webhook-566bbc794d-j2kdx.knative-serving Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-fz666 1.19.5 istio-egressgateway-6bbdb78748-ptj9j.istio-system Kubernetes SYNCED SYNCED SYNCED NOT SENT NOT SENT istiod-545cf89855-fz666 1.20.2 istio-ingressgateway-84444f7c84-f9q86.istio-system Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-fz666 1.20.2 istio-ingressgateway-84444f7c84-fjj6n.istio-system Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-fz666 1.20.2 istio-ingressgateway-84444f7c84-x85gn.istio-system Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-fz666 1.20.2 net-istio-webhook-6956897f74-zbvz6.knative-serving Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-fz666 1.20.2 webhook-6d8cffbb48-7krkh.knative-serving Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-fz666 1.19.5
If any pod's Istio version is not updated, force it update.
% k delete po -l app=example
$ istioctl proxy-status
NAME CLUSTER CDS LDS EDS RDS ECDS ISTIOD VERSION activator-bfb97979b-btd5q.knative-serving Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-fz666 1.20.2 autoscaler-847ccf69d8-75lww.knative-serving Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-lzfvl 1.20.2 example-64d596b7f8-2wj8l.xxxx Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-lzfvl 1.20.2 controller-5d86fbf4c8-lfdpk.knative-serving Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-fz666 1.20.2 domainmapping-webhook-566bbc794d-snd5t.knative-serving Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-tlslb 1.20.2 istio-egressgateway-6bbdb78748-ptj9j.istio-system Kubernetes SYNCED SYNCED SYNCED NOT SENT NOT SENT istiod-545cf89855-lzfvl 1.20.2 istio-ingressgateway-84444f7c84-f9q86.istio-system Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-lzfvl 1.20.2 istio-ingressgateway-84444f7c84-fjj6n.istio-system Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-fz666 1.20.2 istio-ingressgateway-84444f7c84-x85gn.istio-system Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-tlslb 1.20.2 net-istio-webhook-6956897f74-zbvz6.knative-serving Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-lzfvl 1.20.2 webhook-6d8cffbb48-59j26.knative-serving Kubernetes SYNCED SYNCED SYNCED SYNCED NOT SENT istiod-545cf89855-tlslb 1.20.2
[Update] Upgrade from Istio 1.20.2 to 1.20.3.
$ ISTIO_VER=1.20.3
$ LOCAL_ARCH=$(uname -m)
$ curl -kL https://istio.io/downloadIstio | ISTIO_VERSION=${ISTIO_VER} TARGET_ARCH=${LOCAL_ARCH} sh -
$ curl -kL https://istio.io/downloadIstioctl | ISTIO_VERSION=${ISTIO_VER} TARGET_ARCH=$(uname -m) sh -
$ sudo cp $HOME/.istioctl/bin/istioctl /usr/local/bin/
$ istioctl x precheck
$ cd istio-${ISTIO_VER}
$ vim manifests/charts/gateways/istio-ingress/values.yaml
...
#serviceAnnotations: {}
# Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
ipFamilyPolicy: ""
ipFamilies: []
# To generate an internal load balancer:
# --set serviceAnnotations.cloud.google.com/load-balancer-type=internal
#serviceAnnotations:
# cloud.google.com/load-balancer-type: "internal"
serviceAnnotations:
service.beta.kubernetes.io/aws-load-balancer-type: "external"
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "instance"
service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
...
$ istioctl install --set profile=demo --charts=./manifests/ \
> --set components.cni.enabled=true \
> --set components.cni.namespace=kube-system
istioctl install --set profile=demo --charts=./manifests/ \ --set components.cni.enabled=true \ --set components.cni.namespace=kube-system
References
Install with Istioctl
Using the Istioctl Command-line Tool