Istio charms need to provide a way to configure images for airgapped environment #322

i-chvets · 2023-08-30T19:55:38Z

Description

For Istio components to run in an airgapped environment all image workloads that can end up running need to be configurable.

Design/solution

Changes required for both Istio charms: istio-pilot and isito-gateway.

For istio-pilot a configuration option image-configuration is added to charm's configuration (config.yaml). This option allows to provide charm, at deployment time, with image information that is used when handling installation of the workload. Since istio-pilot uses istioctl binary to configure the workload, a call to this binary contains all necessary image infromation to be used in deployment. This is achieved by using --set option of istioctl and supplying image information found in the charm configuration.
image-configuration option is multi-line YAML or JSON that can be passed at deployment time of istio-pilot

For istio-gateway a configuration option proxy-image is added to configuration. This option is used when rendering manifest to ensure a correct image is referenced.

Implementation is done separately for each charm to allow for proper separation of changes.

PR for Istio Pilot charm: #321 (this work is largerly based on this PR #316)
PR for Istio Gateway charm: #323

Testing

Testing is done in airgapped environment that was setup using this guide (still draft PR at this point, but will be in official README).

Create test VM (Multipass, Cloud, etc.)
Deploy airgapped container as described in this guide
Build Istio charms locallt using this branch: istio-pilot and istion-ingressgateway
Transfer these two charms to the VM (in case of Multipass VM: multipass transfer <charms> <vm-name>:/home/ubuntu)
Login into test VM and start airgapped test container as described in the guide
Copy the charms into airgapped contaier as described in the guide, eg. lxc file push <charms> airgapped-microk8s/root/
In airgapped test container ensure that MIcrok8s controller is running and kubeflow model exists.
Obtain image information to be used in deployment of both Istio charms and note image repository and tag, they wil be used in deployment (see below):

# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE
registry                        2.8.1     f5352b75f67e   3 months ago   25.9MB
172.17.0.2:5000/istio/proxyv2   1.16.2    0ed03fb4d64c   7 months ago   249MB
172.17.0.2:5000/istio/pilot     1.16.2    2c8b5d81a23c   7 months ago   190MB

Deploy and relate charms with image-configuration option set to string that contains JSON with information obtained from previous step, eg. registry (172.17.0.2:5000), image names and tag 1.16.2`, etc.:

juju deploy ./istio-pilot_ubuntu-20.04-amd64.charm --trust --config image-configuration="{"pilot-image": pilot, "global-tag": 1.16.2, "global-hub": 172.17.0.2:5000/istio, "global-proxy-image": proxyv2, "global-proxy-init-image": proxyv2, "grpc-bootstrap-init": busybox:1.28}"
juju deploy ./istio-gateway_ubuntu-20.04-amd64.charm istio-ingressgateway --config kind=ingress --config proxy-image=172.17.0.2:5000/istio/proxyv2:1.16.2
juju relate istio-pilot istio-ingressgateway

Wait for successful deployment of Istio charms.
Verify deployment:

# juju status --relations
Model     Controller          Cloud/Region        Version  SLA          Timestamp
kubeflow  microk8s-localhost  microk8s/localhost  2.9.44   unsupported  19:52:56Z

App                   Version  Status  Scale  Charm          Channel  Rev  Address         Exposed  Message
istio-ingressgateway           active      1  istio-gateway             0  10.152.183.147  no       
istio-pilot                    active      1  istio-pilot               0  10.152.183.36   no       

Unit                     Workload  Agent  Address       Ports  Message
istio-ingressgateway/0*  active    idle   10.1.205.173         
istio-pilot/0*           active    idle   10.1.205.171         

Relation provider        Requirer                          Interface    Type     Message
istio-pilot:istio-pilot  istio-ingressgateway:istio-pilot  k8s-service  regular 

# microk8s.kubectl -n kubeflow get pods
NAME                                            READY   STATUS    RESTARTS   AGE
modeloperator-7b89654c4d-t8fvv                  1/1     Running   0          4m26s
istiod-df6b8f759-59sgw                          1/1     Running   0          2m25s
istio-pilot-0                                   1/1     Running   0          3m18s
istio-ingressgateway-0                          1/1     Running   0          108s
istio-ingressgateway-workload-b8b7dbc5c-tx9cb   1/1     Running   0          25s

# microk8s.kubectl -n kubeflow get gateways
NAME            AGE
istio-gateway   2m54s

# microk8s.kubectl -n kubeflow describe pod istiod-df6b8f759-59sgw | grep Image:
    Image:         172.17.0.2:5000/istio/pilot:1.16.2

# microk8s.kubectl -n kubeflow describe pod istio-ingressgateway-workload-b8b7dbc5c-tx9cb | grep Image:
    Image:         172.17.0.2:5000/istio/proxyv2:1.16.2

The text was updated successfully, but these errors were encountered:

#322 Summary of changes: - Added unit tests. - Modified config.yaml to make it consistent. - Added get config helper to allow for better testing. This can also be expanded further.

#322 Summary of changes: - Added proxy-image config option. - Updated manifest template with placeholder for proxy image. - Modified charm code to render manifest with proxy image from configuration.

# Description More details in: #322 # Summary of changes: - Added proxy-image config option. - Updated manifest template with placeholder for proxy image. - Modified charm code to render manifest with proxy image from configuration. # Testing For complete testing refer to #322 --------- Co-authored-by: Orfeas Kourkakis <[email protected]>

# Description More details in: #322 The changes in this PR are based on work done in #316 Created a new PR to simplify workflow. # Summary of changes: - Modified code to use --set to alter precompile istioctl manifests to allow changes according to charm configuration. - Added `image-configuration` option to istio-pilot `config.yaml` - Added `proxy-image` option to istio-gatewat `config.yaml` - Added unit test for testing helper that retrieves configuration. # Testing For complete testing refer to #322 Related PR: #320 NOTE: Created [issue](#324) to track updates to process of updating Istio.

More details in: #322 - Added proxy-image config option. - Updated manifest template with placeholder for proxy image. - Modified charm code to render manifest with proxy image from configuration. For complete testing refer to #322 --------- Co-authored-by: Orfeas Kourkakis <[email protected]>

# Description More details in: #322 The changes in this PR are based on work done in #316 Created a new PR to simplify workflow. # Summary of changes: - Modified code to use --set to alter precompile istioctl manifests to allow changes according to charm configuration. - Added `image-configuration` option to istio-pilot `config.yaml` - Added `proxy-image` option to istio-gatewat `config.yaml` - Added unit test for testing helper that retrieves configuration. # Testing For complete testing refer to #322 Related PR: #320 NOTE: Created [issue](#324) to track updates to process of updating Istio.

More details in: #322 - Added proxy-image config option. - Updated manifest template with placeholder for proxy image. - Modified charm code to render manifest with proxy image from configuration. For complete testing refer to #322 --------- Co-authored-by: Orfeas Kourkakis <[email protected]>

DnPlas · 2024-01-17T22:29:28Z

This enhancement was completed in #321 and #323. Closing the issue now as there is nothing else that needs to be tracked.

i-chvets self-assigned this Aug 30, 2023

i-chvets mentioned this issue Aug 30, 2023

Kf 3996 istio-pilot control plane configurable images with set #321

Merged

i-chvets pushed a commit that referenced this issue Aug 30, 2023

feat: istio-pilot configurable images

c4ee270

#322 Summary of changes: - Added unit tests. - Modified config.yaml to make it consistent. - Added get config helper to allow for better testing. This can also be expanded further.

i-chvets mentioned this issue Aug 30, 2023

feat: configurable images for istio-gateway #323

Merged

i-chvets added 23.10 Should be fixed by 23.10 Kubeflow 1.8 This issue affects the Charmed Kubeflow 1.8 release labels Aug 30, 2023

This was referenced Aug 31, 2023

Test latest CKF in an airgapped environment canonical/bundle-kubeflow#681

Open

Describe method of updating images references and version when updating Istio #324

Open

DnPlas closed this as completed Jan 17, 2024

github-project-automation bot added this to MLOps Solution Issues Aug 29, 2024

github-project-automation bot moved this to Done in MLOps Solution Issues Aug 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Istio charms need to provide a way to configure images for airgapped environment #322

Istio charms need to provide a way to configure images for airgapped environment #322

i-chvets commented Aug 30, 2023 •

edited

Loading

DnPlas commented Jan 17, 2024

Istio charms need to provide a way to configure images for airgapped environment #322

Istio charms need to provide a way to configure images for airgapped environment #322

Comments

i-chvets commented Aug 30, 2023 • edited Loading

Description

Design/solution

Testing

DnPlas commented Jan 17, 2024

i-chvets commented Aug 30, 2023 •

edited

Loading