1.6 upgrade path from Helm chart


We are using Istio 1.5.2 installed via the “legacy Helm chart”. I’m trying to find an upgrade path to 1.6. I understand this is best done via canary as the existing Helm charts don’t have a direct upgrade path to istioctl/istio-operator.

I’ve tried using istioctl and the Istio operator, but with both they create resources that have naming conflicts with the existing Helm charts. When I try to delete the old Helm chart, those resources get deleted. Specifically, the istio-ingressgateway deployment, and some service accounts.

How am I supposed to do this in a zero-downtime manner? Are there docs that detail how to do this?


I assume you followed the steps in https://istio.io/docs/setup/upgrade/?
Can you provide more detail on what commands you ran and what happened?

@David_Norton Curious if you made any progress toward Istio 1.6. We’re still on 1.4.9 helm installed and have been using the helm upgrade process since 1.2 without issues, when I’ve made attempts to migrate beyond 1.4.x it did not go well I wasn’t even able to upgrade as far as you have with the legacy helm chart. I am using Helm 3.

I had similar issue while upgrading from 1.4.3 to 1.5.4. But i resolved by creating a manifest file that resembles the existing setup of 1.4.3. By mentioning the desired version to upgrade in manifest file, i managed to upgrade my application using istioctl without any downtime.

You can find the samples for manifest in istio installation directory.

Hope this helps.

@David_Norton any progress there?

I’m in a similar situation, I need to go from 1.5.4 installed using helm charts (so with all the legacy pods, no istiod) to 1.7.1.

I saw some document that explain how to perform a canary upgrade but no one explains how to deal with:

  • configurations: how these are consumed by the new control plane? Are old config compatible with new control planes?
  • what happens to the ingress controller when installing the second control plane? How do I “attach” the ingress controller to the new control plane?

@ostromart can you comment on this?

Istioctl upgrade checks the schema so it will alert you to any incompatible fields. Helm doesn’t do this so you pretty much have to go through manually and check for deprecated fields. An workaround is to pass your Helm config to istioctl manifest generate under the spec.values passthrough API and see if you get any errors.
When you say ingress controller which specific resource are you referring to? istiod is the ingress controller by default.

Hi @ostromart,
thank you for the answer.

Sorry, I meant istio-ingressgateway.