About two year ago i installed a k8s cluster and added Istio. Currently i can’t remember how i installed it (operator or using istioctl). At this moment when i ask for the version i get:
./bin/istioctl version
client version: 1.11.3
control plane version: 1.11.3
data plane version: 1.11.3 (352 proxies)
I have the following namespaces related to istio:
kubectl get ns | grep istio
istio-operator Active 726d
istio-system Active 726d
iside our gitops i have an IstioOperator yaml:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
name: istiocontrolplane
namespace: istio-system
spec:
profile: default
meshConfig:
accessLogFile: /dev/stdout
extensionProviders: # https://istio.io/v1.9/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-ExtensionProvider-EnvoyExternalAuthorizationHttpProvider
- name: xxxx
envoyExtAuthzHttp:
service: oauth2-proxy-xxxx.keycloak.svc.cluster.local
port: 4180
includeHeadersInCheck:
- authorization
- cookie
headersToUpstreamOnAllow:
- authorization
- path
- cookie
- x-auth-request-access-token
- x-auth-request-user
- x-auth-request-email
headersToDownstreamOnDeny:
- content-type
- set-cookie
components:
ingressGateways:
- name: istio-ingressgateway
k8s:
hpaSpec:
minReplicas: 2
service:
type: NodePort
ports:
- name: http2
nodePort: 32080
port: 80
protocol: TCP
targetPort: 8080
- name: https
nodePort: 32443
port: 443
protocol: TCP
targetPort: 8443
pilot:
k8s:
hpaSpec:
minReplicas: 2
Inside the istio-operator i have the following items (mited the replicaset and services)
k -n istio-operator get all
NAME READY STATUS RESTARTS AGE
pod/istio-operator-1-12-5-65c9f7bf96-qcdsc 1/1 Running 0 15m
pod/istio-operator-1-14-1-9874cfdcb-bwtwg 1/1 Running 3 (51d ago) 83d
pod/istio-operator-58dc7d74f5-pbkcs 1/1 Running 48 (48d ago) 83d
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/istio-operator 1/1 1 1 726d
deployment.apps/istio-operator-1-12-5 1/1 1 1 15m
deployment.apps/istio-operator-1-14-1 1/1 1 1 146d
Inside istio-system i have the following deployments:
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
istio-ingressgateway 2/2 2 2 726d istio-proxy docker.io/istio/proxyv2:1.11.3 app=istio-ingressgateway,istio=ingressgateway
istiod 2/2 2 2 726d discovery
I want to clean this mess up and move to version 14.1 (our k8s version is v1.22.13)
So my questions;
p.s. I am using custom EnvoyFilter for oauth2 and for redirecting (using lua)
Can you refer to this SO and If you uninstall and reinstall Istio, any resources that were created when Istio was initially installed will be deleted and will not be recreated. This includes Kubernetes objects such as Services, Deployments, ConfigMaps, and Secrets. In addition, any custom configurations or settings that were created for Istio will be lost, and will need to be re-created when Istio is reinstalled. For this reason, it is important to back up any configurations or settings before uninstalling Istio in a production environment.
The recommended way to install Istio is to use istioctl with a custom IstioOperator. This allows you to configure the control plane as well as manage the Istio installation in a declarative way.