Use Istio 1.0.0.

[tcnghia]

I also added some explanation of the Helm options we used for generating istio.yaml.

I dropped the sleep 20 patch (see #1370), since we can't really dictate our yaml on user's clusters --- it doesn't make sense to keep carrying the patch. We'll leave the bug open to investigate if the issue is still around (many things have changed since we added that sleep 20) and find a different solution if it still lingers. After this change this yaml is just for a convenience one-liner without asking users to go through helm installation or Istio installation docs.

I dropped the global.proxy.image=proxyv2 option because that's the default now.

Will follow up with more documentation in knative/docs to explain what we expect from Istio sidecar injection setup so that users already having Istio would know how to configure it to work with Knative.

/assign @ZhiminXiang
/assign @evankanderson
/cc @scothis
/cc @krancour

[tcnghia]

/test pull-knative-serving-unit-tests

[mattmoor]

Awesome, thanks for pulling this in so quickly.

[krancour]

It would be good to make note of whether Istio installed as configured here is a production-ready configuration or more of a "kick-the-tires" configuration. I honestly do not know, but it would be good to call it out.

[krancour]

This comment is non-blocking, btw.

[krancour]

Istio 1.0 is installing fine for me as packaged here, but I'm having a little trouble getting Knative to install on top of it:

$ cat third_party/istio-1.0.0/istio.yaml | sed 's/LoadBalancer/NodePort/' | k apply -f -
...
$ curl -L https://github.com/knative/serving/releases/download/v0.1.0/release-lite.yaml   | sed 's/LoadBalancer/NodePort/'   | kubectl apply -f -
...
metric.config.istio.io "revisionrequestcount" configured
metric.config.istio.io "revisionrequestduration" configured
metric.config.istio.io "revisionrequestsize" configured
metric.config.istio.io "revisionresponsesize" configured
prometheus.config.istio.io "revisionpromhandler" configured
rule.config.istio.io "revisionpromhttp" configured
Error from server: error when creating "STDIN": admission webhook "pilot.validation.istio.io" denied the request: configuration is invalid: server must have TLS settings for HTTPS/TLS protocols

[tcnghia]

@krancour can you try with the nightly release instead?
This is being fixed in #1725. Istio added validations in 1.0 that weren't in 0.8.

[krancour]

Maybe I need to take #1725 into account? Seems it.

I'm having trouble building release.yaml using the release.sh script.

[tcnghia]

@krancour The YAML released nightly should already have the change (see #1722) so you won't need to apply #1725. However, we cut our 0.1.0 before 1.0 so we'll probably include #1725 in a 0.1.1 release from the 0.1 release branch.

[tcnghia]

@krancour we recently changed getting started to use 0.1.0 -- you can find the old url in the PR https://github.com/knative/docs/pull/287/files . We should still document it somewhere.

[krancour]

@tcnghia thanks. This all checks out for me on minikube. On Azure, I encounter known issues + a new issue of the istio-galley crash looping because of failed health checks. I do not assume that to be a problem with this change though.

[krancour]

On Azure, I encounter known issues + a new issue of the istio-galley crash looping

The new issue was user error. So this change checks out on at least minikube and Azure.

[krancour]

/approve

[scothis]

Manually tested with the eventing e2e tests in knative/eventing#304

/lgtm

[ZhiminXiang]

just curious, why do we not need to set "global.proxy.image=proxyv2" ?

[tcnghia]

The PR is updated with the explanation #1771 (comment)

[ZhiminXiang]

Good to know. Thanks!

[ZhiminXiang]

I guess we may still need to keep this PATCH until we fix issue #1370

[tcnghia]

I think we can't keep that because we don't have control over how the user may install Istio. I leave the bug open to track & fix that issue, which may or may not be there anymore (since it was an issue with Istio 0.6)

(see comment in #1771 (comment))

[ZhiminXiang]

Good to know. Thanks!

[ZhiminXiang]

/lgtm

[tcnghia]

@evankanderson can you please /approve? thanks

[scothis]

Needs namespace: istio-system

[tcnghia]

Bummer, but this is upstream https://github.com/istio/istio/blob/8daa232df6ef7cdbb2987de1187255b14e3c3989/install/kubernetes/helm/istio/charts/pilot/templates/autoscale.yaml

(compare that to https://github.com/istio/istio/blob/8daa232df6ef7cdbb2987de1187255b14e3c3989/install/kubernetes/helm/istio/charts/mixer/templates/autoscale.yaml)

I'll file a bug to Istio.

Nice catch, thanks.

[evankanderson]

What happens if we submit this without patching namespace?

Is this safe to submit, or do we need the upstream to be fixed first? Since this is an HPA, it probably just means that pilot won't scale-out if needed.

(BTW, you linked to the same file twice.)

[evankanderson]

I'll approve once @scothis' comment is resolved.

…

On Thu, Aug 2, 2018 at 2:49 PM Scott Andrews ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In third_party/istio-1.0.0/istio.yaml <#1771 (comment)>: > + kind: Deployment + name: istio-telemetry + metrics: + - type: Resource + resource: + name: cpu + targetAverageUtilization: 80 +--- + +--- +# Source: istio/charts/pilot/templates/autoscale.yaml + +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: istio-pilot Needs namespace: istio-system — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1771 (review)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHlyN6uN4MMhAklAYYm0srEKCY2jfa7Gks5uM3PNgaJpZM4Vpukh> .

-- Evan Anderson <argent@google.com>

[evankanderson]

I'm assuming that we're planning to change our documentation to say "Install istio via their instructions."?

[evankanderson]

What happens if we submit this without patching namespace?

Is this safe to submit, or do we need the upstream to be fixed first? Since this is an HPA, it probably just means that pilot won't scale-out if needed.

(BTW, you linked to the same file twice.)

[evankanderson]

/approve

[google-prow-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: evankanderson, krancour, tcnghia

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [evankanderson]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment