Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update istio addon manifest to 0.8 #64537

Merged
merged 3 commits into from
Jun 6, 2018
Merged

Update istio addon manifest to 0.8 #64537

merged 3 commits into from
Jun 6, 2018

Conversation

ostromart
Copy link
Contributor

What this PR does / why we need it:
Update Istio addon version to latest stable 0.8.0.
Changes from vanilla istio[-auth].yaml include:

  • k8s addon Reconcile labels
  • add all available Istio addons (grafana)
  • mirror docker images to gcr.io
  • add auto-injection in default namespace (not reconciled to allow Istio uninstall)
  • remove instance counts to prevent addon reconcile reverting any manual scaling
    Release note:
Update version of Istio addon from 0.6.0 to 0.8.0.
See https://istio.io/about/notes/0.8.html for full Isto release notes.

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 30, 2018
@k8s-ci-robot k8s-ci-robot requested review from jbeda and mikedanese May 30, 2018 23:10
@m1093782566
Copy link
Contributor

/ok-to-test

@k8s-ci-robot k8s-ci-robot removed the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label May 31, 2018
@m1093782566
Copy link
Contributor

/ok-to-test

@ostromart
Copy link
Contributor Author

/cc @wangzhen127

@k8s-ci-robot
Copy link
Contributor

@ostromart: GitHub didn't allow me to request PR reviews from the following users: wangzhen127.

Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc @wangzhen127

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ostromart
Copy link
Contributor Author

/cc @yliaog

@k8s-ci-robot k8s-ci-robot requested a review from yliaog May 31, 2018 17:42
@BenTheElder
Copy link
Member

/retest

@wangzhen127 wangzhen127 mentioned this pull request Jun 1, 2018
Closed
@jberkus jberkus added this to the v1.11 milestone Jun 1, 2018
@jberkus
Copy link

jberkus commented Jun 1, 2018

/kind feature
/priority critical-urgent

I've added a kind and priority. However, I don't know what SIG this is, and you need to get that SIG to approve it for milestone. I can't do that.

@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. labels Jun 1, 2018
@BenTheElder
Copy link
Member

Seems like sig-network..?
/sig network
/cc @MrHohn can you verify / delegate?

@k8s-ci-robot k8s-ci-robot added the sig/network Categorizes an issue or PR as relevant to SIG Network. label Jun 1, 2018
@MrHohn
Copy link
Member

MrHohn commented Jun 1, 2018

/cc @MrHohn can you verify / delegate?

I honestly don't know :) I thought there is sig-service-mesh but there isn't.

If it is sig-network, I guess @thockin?

@BenTheElder
Copy link
Member

BenTheElder commented Jun 1, 2018 via email

@wangzhen127
Copy link
Member

/lgtm

LGTM for seccomp changes. Feel free to squash commits.

@k8s-ci-robot
Copy link
Contributor

@wangzhen127: changing LGTM is restricted to assignees, and only kubernetes org members may be assigned issues.

In response to this:

/lgtm

LGTM for seccomp changes. Feel free to squash commits.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@abgworrall
Copy link
Contributor

/status approved-for-milestone

@rshriram
Copy link

rshriram commented Jun 5, 2018
edited
Loading

/lgtm (on behalf of Istio networking team)

@k8s-ci-robot
Copy link
Contributor

@rshriram: changing LGTM is restricted to assignees, and only kubernetes org members may be assigned issues.

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@dims
Copy link
Member

dims commented Jun 5, 2018

/assign @roberthbailey

@roberthbailey
Copy link
Contributor

I think that @mikedanese said he had time to take a pass on this.

@k8s-github-robot
Copy link

[MILESTONENOTIFIER] Milestone Pull Request: Up-to-date for process

@mikedanese @ostromart

Pull Request Labels
  • sig/cluster-lifecycle sig/gcp: Pull Request will be escalated to these SIGs if needed.
  • priority/critical-urgent: Never automatically move pull request out of a release milestone; continually escalate to contributor and SIG through all available channels.
  • kind/feature: New functionality.
Help

@mikedanese
Copy link
Member

Were these changes reviewed elsewhere?

@ostromart
Copy link
Contributor Author

Are you talking about reviewing 1. the base istio.yaml in the context of istio generally, 2. the changes that were overlaid on top to turn it into a k8s addon, or 3. the use of the resulting yaml in k8s?
All three have been reviewed to various extents:

  1. istio.yaml is dynamically generated: https://istio.io/docs/setup/kubernetes/helm-install/
    The base istio.yaml that comes out from this command is used extensively in istio e2e tests, and the config generation has been well tested as part of the istio release process. istio.yaml has not been explicitly reviewed as a PR inside of istio (because it's generated).
  2. Changes to istio.yaml (use of the addon manager labels & behavior) was reviewed as part of 3. That part is unchanged for 0.8.
  3. istio 0.5/6 was reviewed e.g. Add code and yaml for Istio as an addon #59378 Update Istio addon to 0.6.0 and mirror images in gcr #61911
    All the review comments from those have been carried forward into 0.8 but 0.8 modified isito.yaml has not been reviewed as a PR to incorporate into k8s.

mikedanese
mikedanese reviewed Jun 5, 2018
View reviewed changes
cluster/addons/istio/noauth/istio.yaml
labels:
istio-injection: enabled
addonmanager.kubernetes.io/mode: Reconcile
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is this removed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought this was not public-writeable, but I can put it back in.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Turns out it is writable but regardless...
istio-injection: enabled was removed from default because the webhook matcher now looks for namespaces that do not have "istio-injection: disabled" rather than having enabled. This just covers all possible namespaces outside the special ones.
Reconcile could be added here but I wonder if there's any risk of reconciling namespace resources.

cluster/addons/istio/noauth/istio.yaml
app: istio-mixer
chart: mixer-0.8.0
release: istio
heritage: Tiller
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this label significant?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's just a standard label recommended when using tiller to upgrade istio. If tiller is used by the user it will be clear from documentation that update of anything in istio-system will be reconciled regardless how it's updated.

@mikedanese
Copy link
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 6, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mikedanese, ostromart, rshriram, wangzhen127

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 6, 2018
@dims
Copy link
Member

dims commented Jun 6, 2018

/test pull-kubernetes-node-e2e

1 similar comment
@dims
Copy link
Member

dims commented Jun 6, 2018

/test pull-kubernetes-node-e2e

@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 64723, 64537). If you want to cherry-pick this change to another branch, please follow the instructions here.

@k8s-github-robot k8s-github-robot merged commit 7a9c05b into kubernetes:master Jun 6, 2018
@cmluciano cmluciano mentioned this pull request Jun 11, 2018
Closed
@mikedanese mikedanese mentioned this pull request Jun 20, 2018
Closed
@ostromart ostromart deleted the update-istio-0.8 branch June 21, 2018 22:57
@mikedanese mikedanese mentioned this pull request Jun 22, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wangzhen127 wangzhen127 wangzhen127 left review comments

@mikedanese mikedanese mikedanese left review comments

@jbeda jbeda Awaiting requested review from jbeda

@yliaog yliaog Awaiting requested review from yliaog

@roberthbailey roberthbailey Awaiting requested review from roberthbailey

Assignees

@mikedanese mikedanese

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
v1.11
Development

Successfully merging this pull request may close these issues.