From 51ad5ce5e5147e4ca1271703a0eb7f9ff160c9ad Mon Sep 17 00:00:00 2001 From: Benjamin Leggett Date: Tue, 10 Dec 2024 17:47:45 -0500 Subject: [PATCH 01/10] Install Signed-off-by: Benjamin Leggett --- .../ambient/install/helm/all-in-one/index.md | 174 ++++++++++++++++++ .../ambient/install/helm/all-in-one/snips.sh | 79 ++++++++ .../ambient/install/helm/all-in-one/test.sh | 34 ++++ content/en/docs/ambient/install/helm/index.md | 6 + 4 files changed, 293 insertions(+) create mode 100644 content/en/docs/ambient/install/helm/all-in-one/index.md create mode 100644 content/en/docs/ambient/install/helm/all-in-one/snips.sh create mode 100644 content/en/docs/ambient/install/helm/all-in-one/test.sh diff --git a/content/en/docs/ambient/install/helm/all-in-one/index.md b/content/en/docs/ambient/install/helm/all-in-one/index.md new file mode 100644 index 0000000000000..bcd499cc90623 --- /dev/null +++ b/content/en/docs/ambient/install/helm/all-in-one/index.md @@ -0,0 +1,174 @@ +--- +title: Install with Helm (simple) +description: Install Istio with support for ambient mode with Helm using a single chart. +weight: 4 +owner: istio/wg-environments-maintainers +test: yes +draft: true +--- + +{{< tip >}} +Follow this guide to install and configure an Istio mesh with support for ambient mode. +If you are new to Istio, and just want to try it out, follow the +[quick start instructions](/docs/ambient/getting-started) instead. +{{< /tip >}} + +We encourage the use of Helm to install Istio for production use in ambient mode. To allow controlled upgrades, the control plane and data plane components are packaged and installed separately. (Because the ambient data plane is split across [two components](/docs/ambient/architecture/data-plane), the ztunnel and waypoints, upgrades involve separate steps for these components.) + +## Prerequisites + +1. Check the [Platform-Specific Prerequisites](/docs/ambient/install/platform-prerequisites). + +1. [Install the Helm client](https://helm.sh/docs/intro/install/), version 3.6 or above. + +1. Configure the Helm repository: + + {{< text syntax=bash snip_id=configure_helm >}} + $ helm repo add istio https://istio-release.storage.googleapis.com/charts + $ helm repo update + {{< /text >}} + + + + + + + + + + + +### Install or upgrade the Kubernetes Gateway API CRDs + +{{< boilerplate gateway-api-install-crds >}} + +### Install the Istio ambient control plane and data plane + +The `ambient` chart installs all the Istio data plane and control plane components required for +ambient, using a Helm wrapper chart that composes the individual component charts. + +{{< warning >}} +Note that if you install everything as part of this wrapper chart, you can only upgrade or uninstall +ambient via this wrapper chart - you cannot upgrade or uninstall subcomponents individually. +{{< /warning >}} + +{{< text syntax=bash snip_id=install_ambient_aio >}} +$ helm install ambient istio/ambient --namespace istio-system --create-namespace --wait +{{< /text >}} + +### Ingress gateway (optional) + +{{< tip >}} +{{< boilerplate gateway-api-future >}} +If you use the Gateway API, you do not need to install and manage an ingress gateway Helm chart as described below. +Refer to the [Gateway API task](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment) for details. +{{< /tip >}} + +To install an ingress gateway, run the command below: + +{{< text syntax=bash snip_id=install_ingress >}} +$ helm install istio-ingress istio/gateway -n istio-ingress --create-namespace --wait +{{< /text >}} + +If your Kubernetes cluster doesn't support the `LoadBalancer` service type (`type: LoadBalancer`) with a proper external IP assigned, run the above command without the `--wait` parameter to avoid the infinite wait. See [Installing Gateways](/docs/setup/additional-setup/gateway/) for in-depth documentation on gateway installation. + +## Configuration + +The ambient wrapper chart composes the following component Helm charts + +- base +- istiod +- istio-cni +- ztunnel + +Default configuration values can be changed using one or more `--set =` arguments. Alternatively, you can specify several parameters in a custom values file using the `--values ` argument. + +You can override component-level settings via the wrapper chart just like you can when installing +the components individually, by prefixing the value path with the name of the component. + +Example: + +{{< text syntax=bash snip_id=none >}} +$ helm install istiod istio/istiod --set hub=gcr.io/istio-testing +{{< /text >}} + +Becomes: + +{{< text syntax=bash snip_id=none >}} +$ helm install ambient istio/ambient --set istiod.hub=gcr.io/istio-testing +{{< /text >}} + +when set via the wrapper chart. + +To view supported configuration options and documentation for each subcomponent, run: + +{{< text syntax=bash >}} +$ helm show values istio/istiod +{{< /text >}} + +for each component you are interested in. + +Full details on how to use and customize Helm installations are available in [the sidecar installation documentation](/docs/setup/install/helm/). + +## Verify the installation + +### Verify the workload status + +After installing all the components, you can check the Helm deployment status with: + +{{< text syntax=bash snip_id=show_components >}} +$ helm ls -n istio-system +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +istio-base istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed base-{{< istio_full_version >}} {{< istio_full_version >}} +istio-cni istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed cni-{{< istio_full_version >}} {{< istio_full_version >}} +istiod istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed istiod-{{< istio_full_version >}} {{< istio_full_version >}} +ztunnel istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed ztunnel-{{< istio_full_version >}} {{< istio_full_version >}} +{{< /text >}} + +You can check the status of the deployed pods with: + +{{< text syntax=bash snip_id=check_pods >}} +$ kubectl get pods -n istio-system +NAME READY STATUS RESTARTS AGE +istio-cni-node-g97z5 1/1 Running 0 10m +istiod-5f4c75464f-gskxf 1/1 Running 0 10m +ztunnel-c2z4s 1/1 Running 0 10m +{{< /text >}} + +### Verify with the sample application + +After installing ambient mode with Helm, you can follow the [Deploy the sample application](/docs/ambient/getting-started/deploy-sample-app/) guide to deploy the sample application and ingress gateways, and then you can +[add your application to the ambient mesh](/docs/ambient/getting-started/secure-and-visualize/#add-bookinfo-to-the-mesh). + +## Uninstall + +You can uninstall Istio and its components by uninstalling the charts +installed above. + +1. + {{< text syntax=bash snip_id=delete_ambient_aio >}} + $ helm delete ambient -n istio-system + {{< /text >}} + +1. (Optional) Delete any Istio gateway chart installations: + + {{< text syntax=bash snip_id=delete_ingress >}} + $ helm delete istio-ingress -n istio-ingress + $ kubectl delete namespace istio-ingress + {{< /text >}} + +1. Delete CRDs installed by Istio (optional) + + {{< warning >}} + This will delete all created Istio resources. + {{< /warning >}} + + {{< text syntax=bash snip_id=delete_crds >}} + $ kubectl get crd -oname | grep --color=never 'istio.io' | xargs kubectl delete + {{< /text >}} + +1. Delete the `istio-system` namespace: + + {{< text syntax=bash snip_id=delete_system_namespace >}} + $ kubectl delete namespace istio-system + {{< /text >}} diff --git a/content/en/docs/ambient/install/helm/all-in-one/snips.sh b/content/en/docs/ambient/install/helm/all-in-one/snips.sh new file mode 100644 index 0000000000000..ed431cd8bb144 --- /dev/null +++ b/content/en/docs/ambient/install/helm/all-in-one/snips.sh @@ -0,0 +1,79 @@ +#!/bin/bash +# shellcheck disable=SC2034,SC2153,SC2155,SC2164 + +# Copyright Istio Authors. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#################################################################################################### +# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE: +# docs/ambient/install/helm/all-in-one/index.md +#################################################################################################### +source "content/en/boilerplates/snips/gateway-api-install-crds.sh" + +snip_configure_helm() { +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +} + +snip_install_ambient_aio() { +helm install ambient istio/ambient --namespace istio-system --create-namespace --wait +} + +snip_install_ingress() { +helm install istio-ingress istio/gateway -n istio-ingress --create-namespace --wait +} + +snip_configuration_3() { +helm show values istio/istiod +} + +snip_show_components() { +helm ls -n istio-system +} + +! IFS=$'\n' read -r -d '' snip_show_components_out <<\ENDSNIP +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +istio-base istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed base-1.25.0 1.25.0 +istio-cni istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed cni-1.25.0 1.25.0 +istiod istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed istiod-1.25.0 1.25.0 +ztunnel istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed ztunnel-1.25.0 1.25.0 +ENDSNIP + +snip_check_pods() { +kubectl get pods -n istio-system +} + +! IFS=$'\n' read -r -d '' snip_check_pods_out <<\ENDSNIP +NAME READY STATUS RESTARTS AGE +istio-cni-node-g97z5 1/1 Running 0 10m +istiod-5f4c75464f-gskxf 1/1 Running 0 10m +ztunnel-c2z4s 1/1 Running 0 10m +ENDSNIP + +snip_delete_ambient_aio() { +helm delete ambient -n istio-system +} + +snip_delete_ingress() { +helm delete istio-ingress -n istio-ingress +kubectl delete namespace istio-ingress +} + +snip_delete_crds() { +kubectl get crd -oname | grep --color=never 'istio.io' | xargs kubectl delete +} + +snip_delete_system_namespace() { +kubectl delete namespace istio-system +} diff --git a/content/en/docs/ambient/install/helm/all-in-one/test.sh b/content/en/docs/ambient/install/helm/all-in-one/test.sh new file mode 100644 index 0000000000000..8ee26f75f0674 --- /dev/null +++ b/content/en/docs/ambient/install/helm/all-in-one/test.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash +# shellcheck disable=SC2154 + +# Copyright Istio Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e +set -u + +set -o pipefail + +# @setup profile=none + +snip_configure_helm +_rewrite_helm_repo snip_install_ambient_aio + +_verify_like snip_show_components "$snip_show_components_out" +_verify_like snip_check_pods "$snip_check_pods_out" + +# @cleanup +snip_delete_ambient_aio +snip_delete_crds +snip_delete_system_namespace diff --git a/content/en/docs/ambient/install/helm/index.md b/content/en/docs/ambient/install/helm/index.md index a5d6d6bdca644..d858e486e5fe8 100644 --- a/content/en/docs/ambient/install/helm/index.md +++ b/content/en/docs/ambient/install/helm/index.md @@ -86,6 +86,12 @@ $ helm install ztunnel istio/ztunnel -n istio-system --wait ### Ingress gateway (optional) +{{< tip >}} +{{< boilerplate gateway-api-future >}} +If you use the Gateway API, you do not need to install and manage an ingress gateway Helm chart as described below. +Refer to the [Gateway API task](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment) for details. +{{< /tip >}} + To install an ingress gateway, run the command below: {{< text syntax=bash snip_id=install_ingress >}} From 5b49c2630108969ceded61664b9f11bf321ba5f4 Mon Sep 17 00:00:00 2001 From: Benjamin Leggett Date: Tue, 10 Dec 2024 18:47:20 -0500 Subject: [PATCH 02/10] Upgrade Signed-off-by: Benjamin Leggett --- .../ambient/upgrade/helm/all-in-one/common.sh | 29 ++++++++ .../ambient/upgrade/helm/all-in-one/index.md | 66 +++++++++++++++++++ .../ambient/upgrade/helm/all-in-one/snips.sh | 38 +++++++++++ .../ambient/upgrade/helm/all-in-one/test.sh | 35 ++++++++++ content/en/docs/setup/upgrade/helm/index.md | 2 +- 5 files changed, 169 insertions(+), 1 deletion(-) create mode 100644 content/en/docs/ambient/upgrade/helm/all-in-one/common.sh create mode 100644 content/en/docs/ambient/upgrade/helm/all-in-one/index.md create mode 100644 content/en/docs/ambient/upgrade/helm/all-in-one/snips.sh create mode 100755 content/en/docs/ambient/upgrade/helm/all-in-one/test.sh diff --git a/content/en/docs/ambient/upgrade/helm/all-in-one/common.sh b/content/en/docs/ambient/upgrade/helm/all-in-one/common.sh new file mode 100644 index 0000000000000..738e437ef0ebe --- /dev/null +++ b/content/en/docs/ambient/upgrade/helm/all-in-one/common.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash +# Copyright Istio Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +source "content/en/docs/ambient/install/helm/all-in-one/snips.sh" + +_install_istio_ambient_helm_aio() { + snip_configure_helm + _rewrite_helm_repo snip_install_ambient_aio + _wait_for_deployment istio-system istiod + _wait_for_daemonset istio-system istio-cni-node + _wait_for_daemonset istio-system ztunnel +} + +_remove_istio_ambient_helm_aio() { + snip_delete_ambient_aio + snip_delete_crds + snip_delete_system_namespace +} diff --git a/content/en/docs/ambient/upgrade/helm/all-in-one/index.md b/content/en/docs/ambient/upgrade/helm/all-in-one/index.md new file mode 100644 index 0000000000000..f20247b1d912b --- /dev/null +++ b/content/en/docs/ambient/upgrade/helm/all-in-one/index.md @@ -0,0 +1,66 @@ +--- +title: Upgrade with Helm (simple) +description: Upgrading an ambient mode installation with Helm using a single chart +weight: 5 +owner: istio/wg-environments-maintainers +test: yes +draft: true +--- + +Follow this guide to upgrade and configure an ambient mode installation using +[Helm](https://helm.sh/docs/). This guide assumes you have already performed an [ambient mode installation with Helm and the ambient wrapper chart](/docs/ambient/install/helm/all-in-one) with a previous version of Istio. + +{{< warning >}} +Note that these upgrade instructions only apply if you are upgrading Helm installation created using the +ambient wrapper chart, if you installed via individual Helm component charts, see [the relevant upgrade docs](docs/ambient/upgrade/helm) +{{< /warning >}} + +## Understanding ambient mode upgrades + +{{< warning >}} +Note that if you install everything as part of this wrapper chart, you can only upgrade or uninstall +ambient via this wrapper chart - you cannot upgrade or uninstall subcomponents individually. +{{< /warning >}} + +## Prerequisites + +### Prepare for the upgrade + +Before upgrading Istio, we recommend downloading the new version of istioctl, and running `istioctl x precheck` to make sure the upgrade is compatible with your environment. The output should look something like this: + +{{< text syntax=bash snip_id=istioctl_precheck >}} +$ istioctl x precheck +✔ No issues found when checking the cluster. Istio is safe to install or upgrade! + To get started, check out +{{< /text >}} + +Now, update the Helm repository: + +{{< text syntax=bash snip_id=update_helm >}} +$ helm repo update istio +{{< /text >}} + +### Upgrade the Istio ambient control plane and data plane + +{{< warning >}} +Upgrading using the wrapper chart in-place will briefly disrupt all ambient mesh traffic on the node, **even with the use of revisions**. In practice the disruption period is a very small window, primarily affecting long-running connections. + +Node cordoning and blue/green node pools are recommended to mitigate blast radius risk during production upgrades. See your Kubernetes provider documentation for details. +{{< /warning >}} + +The `ambient` chart upgrades all the Istio data plane and control plane components required for +ambient, using a Helm wrapper chart that composes the individual component charts. + +If you have customized your istiod installation, you can reuse the `values.yaml` file from previous upgrades or installs to keep settings consistent. + +{{< text syntax=bash snip_id=upgrade_ambient_aio >}} +$ helm upgrade ambient istio/ambient -n istio-system --wait +{{< /text >}} + +### Upgrade manually deployed gateway chart (optional) + +`Gateway`s that were [deployed manually](/docs/tasks/traffic-management/ingress/gateway-api/#manual-deployment) must be upgraded individually using Helm: + +{{< text syntax=bash snip_id=none >}} +$ helm upgrade istio-ingress istio/gateway -n istio-ingress +{{< /text >}} diff --git a/content/en/docs/ambient/upgrade/helm/all-in-one/snips.sh b/content/en/docs/ambient/upgrade/helm/all-in-one/snips.sh new file mode 100644 index 0000000000000..70a0f2b21cff8 --- /dev/null +++ b/content/en/docs/ambient/upgrade/helm/all-in-one/snips.sh @@ -0,0 +1,38 @@ +#!/bin/bash +# shellcheck disable=SC2034,SC2153,SC2155,SC2164 + +# Copyright Istio Authors. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#################################################################################################### +# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE: +# docs/ambient/upgrade/helm/all-in-one/index.md +#################################################################################################### + +snip_istioctl_precheck() { +istioctl x precheck +} + +! IFS=$'\n' read -r -d '' snip_istioctl_precheck_out <<\ENDSNIP +✔ No issues found when checking the cluster. Istio is safe to install or upgrade! + To get started, check out +ENDSNIP + +snip_update_helm() { +helm repo update istio +} + +snip_upgrade_ambient_aio() { +helm upgrade ambient istio/ambient -n istio-system --wait +} diff --git a/content/en/docs/ambient/upgrade/helm/all-in-one/test.sh b/content/en/docs/ambient/upgrade/helm/all-in-one/test.sh new file mode 100755 index 0000000000000..8855264df99a7 --- /dev/null +++ b/content/en/docs/ambient/upgrade/helm/all-in-one/test.sh @@ -0,0 +1,35 @@ +#!/usr/bin/env bash +# Copyright Istio Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e +set -u + +set -o pipefail + +source "content/en/docs/ambient/upgrade/helm/common.sh" + +# @setup profile=none +_install_istio_ambient_helm_aio + +snip_update_helm + +_rewrite_helm_repo snip_upgrade_ambient_aio +_wait_for_deployment istio-system istiod +_wait_for_daemonset istio-system ztunnel +_wait_for_daemonset istio-system istio-cni-node + +# @cleanup + +_remove_istio_ambient_helm_aio diff --git a/content/en/docs/setup/upgrade/helm/index.md b/content/en/docs/setup/upgrade/helm/index.md index c1f94117c68e9..1b3403c7f6e45 100644 --- a/content/en/docs/setup/upgrade/helm/index.md +++ b/content/en/docs/setup/upgrade/helm/index.md @@ -159,7 +159,7 @@ preserve your custom configuration during Helm upgrades. $ helm upgrade istiod istio/istiod -n istio-system {{< /text >}} -1. (Optional) Upgrade and gateway charts installed in your cluster: +1. (Optional) Upgrade any gateway charts installed in your cluster: {{< text bash >}} $ helm upgrade istio-ingress istio/gateway -n istio-ingress From d8a86a1a8bdf12c402da0e1d7b4540ebfc88770d Mon Sep 17 00:00:00 2001 From: Benjamin Leggett Date: Mon, 16 Dec 2024 17:19:10 -0500 Subject: [PATCH 03/10] Fixup/lint Signed-off-by: Benjamin Leggett --- .../ambient/install/helm/all-in-one/index.md | 19 ++++++++----------- .../ambient/install/helm/all-in-one/snips.sh | 5 +---- .../ambient/upgrade/helm/all-in-one/index.md | 6 +++--- .../ambient/upgrade/helm/all-in-one/snips.sh | 2 +- 4 files changed, 13 insertions(+), 19 deletions(-) diff --git a/content/en/docs/ambient/install/helm/all-in-one/index.md b/content/en/docs/ambient/install/helm/all-in-one/index.md index bcd499cc90623..ab811986e49e6 100644 --- a/content/en/docs/ambient/install/helm/all-in-one/index.md +++ b/content/en/docs/ambient/install/helm/all-in-one/index.md @@ -28,7 +28,6 @@ We encourage the use of Helm to install Istio for production use in ambient mode $ helm repo update {{< /text >}} - @@ -49,7 +48,7 @@ ambient, using a Helm wrapper chart that composes the individual component chart {{< warning >}} Note that if you install everything as part of this wrapper chart, you can only upgrade or uninstall -ambient via this wrapper chart - you cannot upgrade or uninstall subcomponents individually. +ambient via this wrapper chart - you cannot upgrade or uninstall sub-components individually. {{< /warning >}} {{< text syntax=bash snip_id=install_ambient_aio >}} @@ -89,18 +88,18 @@ the components individually, by prefixing the value path with the name of the co Example: {{< text syntax=bash snip_id=none >}} -$ helm install istiod istio/istiod --set hub=gcr.io/istio-testing +$ helm install istiod istio/istiod --set hub=gcr.io/istio-testing {{< /text >}} Becomes: {{< text syntax=bash snip_id=none >}} -$ helm install ambient istio/ambient --set istiod.hub=gcr.io/istio-testing +$ helm install istio-ambient istio/ambient --set istiod.hub=gcr.io/istio-testing {{< /text >}} when set via the wrapper chart. -To view supported configuration options and documentation for each subcomponent, run: +To view supported configuration options and documentation for each sub-component, run: {{< text syntax=bash >}} $ helm show values istio/istiod @@ -119,10 +118,7 @@ After installing all the components, you can check the Helm deployment status wi {{< text syntax=bash snip_id=show_components >}} $ helm ls -n istio-system NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -istio-base istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed base-{{< istio_full_version >}} {{< istio_full_version >}} -istio-cni istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed cni-{{< istio_full_version >}} {{< istio_full_version >}} -istiod istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed istiod-{{< istio_full_version >}} {{< istio_full_version >}} -ztunnel istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed ztunnel-{{< istio_full_version >}} {{< istio_full_version >}} +ambient istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed ambient-{{< istio_full_version >}} {{< istio_full_version >}} {{< /text >}} You can check the status of the deployed pods with: @@ -142,10 +138,11 @@ After installing ambient mode with Helm, you can follow the [Deploy the sample a ## Uninstall -You can uninstall Istio and its components by uninstalling the charts +You can uninstall Istio and its components by uninstalling the chart installed above. -1. +1. Uninstall all Istio components + {{< text syntax=bash snip_id=delete_ambient_aio >}} $ helm delete ambient -n istio-system {{< /text >}} diff --git a/content/en/docs/ambient/install/helm/all-in-one/snips.sh b/content/en/docs/ambient/install/helm/all-in-one/snips.sh index ed431cd8bb144..eb1d3d62df1b7 100644 --- a/content/en/docs/ambient/install/helm/all-in-one/snips.sh +++ b/content/en/docs/ambient/install/helm/all-in-one/snips.sh @@ -44,10 +44,7 @@ helm ls -n istio-system ! IFS=$'\n' read -r -d '' snip_show_components_out <<\ENDSNIP NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -istio-base istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed base-1.25.0 1.25.0 -istio-cni istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed cni-1.25.0 1.25.0 -istiod istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed istiod-1.25.0 1.25.0 -ztunnel istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed ztunnel-1.25.0 1.25.0 +ambient istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed ambient-1.25.0 1.25.0 ENDSNIP snip_check_pods() { diff --git a/content/en/docs/ambient/upgrade/helm/all-in-one/index.md b/content/en/docs/ambient/upgrade/helm/all-in-one/index.md index f20247b1d912b..fd402b9b52be0 100644 --- a/content/en/docs/ambient/upgrade/helm/all-in-one/index.md +++ b/content/en/docs/ambient/upgrade/helm/all-in-one/index.md @@ -11,7 +11,7 @@ Follow this guide to upgrade and configure an ambient mode installation using [Helm](https://helm.sh/docs/). This guide assumes you have already performed an [ambient mode installation with Helm and the ambient wrapper chart](/docs/ambient/install/helm/all-in-one) with a previous version of Istio. {{< warning >}} -Note that these upgrade instructions only apply if you are upgrading Helm installation created using the +Note that these upgrade instructions only apply if you are upgrading Helm installation created using the ambient wrapper chart, if you installed via individual Helm component charts, see [the relevant upgrade docs](docs/ambient/upgrade/helm) {{< /warning >}} @@ -19,7 +19,7 @@ ambient wrapper chart, if you installed via individual Helm component charts, se {{< warning >}} Note that if you install everything as part of this wrapper chart, you can only upgrade or uninstall -ambient via this wrapper chart - you cannot upgrade or uninstall subcomponents individually. +ambient via this wrapper chart - you cannot upgrade or uninstall sub-components individually. {{< /warning >}} ## Prerequisites @@ -54,7 +54,7 @@ ambient, using a Helm wrapper chart that composes the individual component chart If you have customized your istiod installation, you can reuse the `values.yaml` file from previous upgrades or installs to keep settings consistent. {{< text syntax=bash snip_id=upgrade_ambient_aio >}} -$ helm upgrade ambient istio/ambient -n istio-system --wait +$ helm upgrade istio-ambient istio/ambient -n istio-system --wait {{< /text >}} ### Upgrade manually deployed gateway chart (optional) diff --git a/content/en/docs/ambient/upgrade/helm/all-in-one/snips.sh b/content/en/docs/ambient/upgrade/helm/all-in-one/snips.sh index 70a0f2b21cff8..dd32c908a18e3 100644 --- a/content/en/docs/ambient/upgrade/helm/all-in-one/snips.sh +++ b/content/en/docs/ambient/upgrade/helm/all-in-one/snips.sh @@ -34,5 +34,5 @@ helm repo update istio } snip_upgrade_ambient_aio() { -helm upgrade ambient istio/ambient -n istio-system --wait +helm upgrade istio-ambient istio/ambient -n istio-system --wait } From aae617308e3a6e4d258e0f893d142c5782495a28 Mon Sep 17 00:00:00 2001 From: Benjamin Leggett Date: Wed, 18 Dec 2024 15:15:03 -0500 Subject: [PATCH 04/10] Fix snip Signed-off-by: Benjamin Leggett --- content/en/docs/ambient/upgrade/helm/all-in-one/test.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/en/docs/ambient/upgrade/helm/all-in-one/test.sh b/content/en/docs/ambient/upgrade/helm/all-in-one/test.sh index 8855264df99a7..24ef7637d6128 100755 --- a/content/en/docs/ambient/upgrade/helm/all-in-one/test.sh +++ b/content/en/docs/ambient/upgrade/helm/all-in-one/test.sh @@ -18,10 +18,11 @@ set -u set -o pipefail +source "content/en/docs/ambient/install/helm/common.sh" source "content/en/docs/ambient/upgrade/helm/common.sh" # @setup profile=none -_install_istio_ambient_helm_aio +_rewrite_helm_repo snip_install_ambient_helm_aio snip_update_helm From d5a22a4a71e124e4f49f9a2d1770afb71c4891f0 Mon Sep 17 00:00:00 2001 From: Benjamin Leggett Date: Wed, 18 Dec 2024 18:09:03 -0500 Subject: [PATCH 05/10] Fixup tests Signed-off-by: Benjamin Leggett --- content/en/docs/ambient/install/helm/all-in-one/test.sh | 3 +++ tests/util/helpers.sh | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/content/en/docs/ambient/install/helm/all-in-one/test.sh b/content/en/docs/ambient/install/helm/all-in-one/test.sh index 8ee26f75f0674..7339eb914f5df 100644 --- a/content/en/docs/ambient/install/helm/all-in-one/test.sh +++ b/content/en/docs/ambient/install/helm/all-in-one/test.sh @@ -22,6 +22,9 @@ set -o pipefail # @setup profile=none +snip_delete_crds +snip_delete_system_namespace + snip_configure_helm _rewrite_helm_repo snip_install_ambient_aio diff --git a/tests/util/helpers.sh b/tests/util/helpers.sh index 13583c206786a..816632bb4a6f5 100644 --- a/tests/util/helpers.sh +++ b/tests/util/helpers.sh @@ -149,6 +149,14 @@ _rewrite_helm_repo() { cmd="$(echo "${cmd}" | sed 's|istio/cni|manifests/charts/istio-cni|')" cmd="$(echo "${cmd}" | sed 's|istio/ztunnel|manifests/charts/ztunnel|')" cmd="$(echo "${cmd}" | sed 's|istio/gateway|manifests/charts/gateway|')" + cmd="$(echo "${cmd}" | sed 's|istio/ambient|manifests/sample-charts/ambient|')" cmd="$(echo "${cmd}" | sed -E "s|(helm[[:space:]]+[^[:space:]]+)|\1 --set global.tag=${ISTIO_IMAGE_VERSION=SHOULD_BE_SET}.${ISTIO_LONG_SHA=latest}|g")" + # Since we are using local charts here, we may need to manually rebundle the updates + # This is not required if installing directly from a real Helm repo + if [[ $cmd =~ "manifests/sample-charts/ambient" ]]; then + pushd manifests/sample-charts/ambient && helm dep update + popd || exit + fi + eval "${cmd}" } From 144757485d1b82297eb4872898378ee384bf86bd Mon Sep 17 00:00:00 2001 From: Benjamin Leggett Date: Thu, 19 Dec 2024 15:22:47 -0500 Subject: [PATCH 06/10] Only needed locally for out-of-order runs apparently Signed-off-by: Benjamin Leggett --- content/en/docs/ambient/install/helm/all-in-one/test.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/content/en/docs/ambient/install/helm/all-in-one/test.sh b/content/en/docs/ambient/install/helm/all-in-one/test.sh index 7339eb914f5df..8ee26f75f0674 100644 --- a/content/en/docs/ambient/install/helm/all-in-one/test.sh +++ b/content/en/docs/ambient/install/helm/all-in-one/test.sh @@ -22,9 +22,6 @@ set -o pipefail # @setup profile=none -snip_delete_crds -snip_delete_system_namespace - snip_configure_helm _rewrite_helm_repo snip_install_ambient_aio From 295129ea6e8f180e166160af7e210cfcd22a174b Mon Sep 17 00:00:00 2001 From: Benjamin Leggett Date: Thu, 19 Dec 2024 17:23:43 -0500 Subject: [PATCH 07/10] refs Signed-off-by: Benjamin Leggett --- content/en/docs/ambient/upgrade/helm/all-in-one/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/ambient/upgrade/helm/all-in-one/test.sh b/content/en/docs/ambient/upgrade/helm/all-in-one/test.sh index 24ef7637d6128..30635f3faf91f 100755 --- a/content/en/docs/ambient/upgrade/helm/all-in-one/test.sh +++ b/content/en/docs/ambient/upgrade/helm/all-in-one/test.sh @@ -18,8 +18,8 @@ set -u set -o pipefail -source "content/en/docs/ambient/install/helm/common.sh" -source "content/en/docs/ambient/upgrade/helm/common.sh" +source "content/en/docs/ambient/upgrade/helm/all-in-one/common.sh" +source "content/en/docs/ambient/upgrade/helm/all-in-one/snips.sh" # @setup profile=none _rewrite_helm_repo snip_install_ambient_helm_aio From cbe3045bb6e983121984578e309c1cbefc9b71b9 Mon Sep 17 00:00:00 2001 From: Benjamin Leggett Date: Thu, 19 Dec 2024 18:35:01 -0500 Subject: [PATCH 08/10] fixup Signed-off-by: Benjamin Leggett --- content/en/docs/ambient/upgrade/helm/all-in-one/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/ambient/upgrade/helm/all-in-one/test.sh b/content/en/docs/ambient/upgrade/helm/all-in-one/test.sh index 30635f3faf91f..035108a3a5619 100755 --- a/content/en/docs/ambient/upgrade/helm/all-in-one/test.sh +++ b/content/en/docs/ambient/upgrade/helm/all-in-one/test.sh @@ -22,7 +22,7 @@ source "content/en/docs/ambient/upgrade/helm/all-in-one/common.sh" source "content/en/docs/ambient/upgrade/helm/all-in-one/snips.sh" # @setup profile=none -_rewrite_helm_repo snip_install_ambient_helm_aio +_install_istio_ambient_helm_aio snip_update_helm From 39f973d3373cf0a63290b38e3473e205d43f55f9 Mon Sep 17 00:00:00 2001 From: Benjamin Leggett Date: Fri, 20 Dec 2024 10:36:41 -0500 Subject: [PATCH 09/10] Consistent naming of releases Signed-off-by: Benjamin Leggett --- content/en/docs/ambient/install/helm/all-in-one/index.md | 4 ++-- content/en/docs/ambient/install/helm/all-in-one/snips.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/content/en/docs/ambient/install/helm/all-in-one/index.md b/content/en/docs/ambient/install/helm/all-in-one/index.md index ab811986e49e6..c0c1ce7178737 100644 --- a/content/en/docs/ambient/install/helm/all-in-one/index.md +++ b/content/en/docs/ambient/install/helm/all-in-one/index.md @@ -52,7 +52,7 @@ ambient via this wrapper chart - you cannot upgrade or uninstall sub-components {{< /warning >}} {{< text syntax=bash snip_id=install_ambient_aio >}} -$ helm install ambient istio/ambient --namespace istio-system --create-namespace --wait +$ helm install istio-ambient istio/ambient --namespace istio-system --create-namespace --wait {{< /text >}} ### Ingress gateway (optional) @@ -144,7 +144,7 @@ installed above. 1. Uninstall all Istio components {{< text syntax=bash snip_id=delete_ambient_aio >}} - $ helm delete ambient -n istio-system + $ helm delete istio-ambient -n istio-system {{< /text >}} 1. (Optional) Delete any Istio gateway chart installations: diff --git a/content/en/docs/ambient/install/helm/all-in-one/snips.sh b/content/en/docs/ambient/install/helm/all-in-one/snips.sh index eb1d3d62df1b7..9668df7bc3550 100644 --- a/content/en/docs/ambient/install/helm/all-in-one/snips.sh +++ b/content/en/docs/ambient/install/helm/all-in-one/snips.sh @@ -27,7 +27,7 @@ helm repo update } snip_install_ambient_aio() { -helm install ambient istio/ambient --namespace istio-system --create-namespace --wait +helm install istio-ambient istio/ambient --namespace istio-system --create-namespace --wait } snip_install_ingress() { @@ -59,7 +59,7 @@ ztunnel-c2z4s 1/1 Running 0 10m ENDSNIP snip_delete_ambient_aio() { -helm delete ambient -n istio-system +helm delete istio-ambient -n istio-system } snip_delete_ingress() { From a58db9c4fd54145d2ee7e150289e9c55c23e3c32 Mon Sep 17 00:00:00 2001 From: Benjamin Leggett Date: Fri, 20 Dec 2024 11:44:06 -0500 Subject: [PATCH 10/10] Forgot one Signed-off-by: Benjamin Leggett --- content/en/docs/ambient/install/helm/all-in-one/index.md | 2 +- content/en/docs/ambient/install/helm/all-in-one/snips.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/ambient/install/helm/all-in-one/index.md b/content/en/docs/ambient/install/helm/all-in-one/index.md index c0c1ce7178737..f7660785d101c 100644 --- a/content/en/docs/ambient/install/helm/all-in-one/index.md +++ b/content/en/docs/ambient/install/helm/all-in-one/index.md @@ -118,7 +118,7 @@ After installing all the components, you can check the Helm deployment status wi {{< text syntax=bash snip_id=show_components >}} $ helm ls -n istio-system NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -ambient istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed ambient-{{< istio_full_version >}} {{< istio_full_version >}} +istio-ambient istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed ambient-{{< istio_full_version >}} {{< istio_full_version >}} {{< /text >}} You can check the status of the deployed pods with: diff --git a/content/en/docs/ambient/install/helm/all-in-one/snips.sh b/content/en/docs/ambient/install/helm/all-in-one/snips.sh index 9668df7bc3550..a05acc6b8e710 100644 --- a/content/en/docs/ambient/install/helm/all-in-one/snips.sh +++ b/content/en/docs/ambient/install/helm/all-in-one/snips.sh @@ -44,7 +44,7 @@ helm ls -n istio-system ! IFS=$'\n' read -r -d '' snip_show_components_out <<\ENDSNIP NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -ambient istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed ambient-1.25.0 1.25.0 +istio-ambient istio-system 1 2024-04-17 22:14:45.964722028 +0000 UTC deployed ambient-1.25.0 1.25.0 ENDSNIP snip_check_pods() {