Failing to deploy istio ingressgateway as DaemonSet

1

Greetings,

We have a Azure Kubernetes Service running for our apps. We are trying to use Istio as a frontal ingress gateway. We are experiencing issues while trying to deploy the ingress gateway pod as DaemonSet.
Our version of Kubernetes are 1.19.7. We also tried it with 1.19.11.

We tried the following configuration after deploying Istio Operator either by using IstioCtl or with Helm chart.
In both cases, we get the following error …

info	installer	using server side apply to update obj: DaemonSet/istio-system/istio-ingressgateway
error	installer	failed to update resource with server-side apply for obj DaemonSet/istio-system/istio-ingressgateway: failed to create typed patch object: .spec.strategy: field not declared in schema
 - Pruning removed resources
 ✘ Ingress gateways encountered an error: failed to update resource with server-side apply for obj DaemonSet/istio-system/istio-ingressgateway: failed to create typed patch object: .spec.strategy: field not declared in schema

… when applying the following configuration:

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: istio-config
spec:
  profile: demo
  meshConfig:
    connectTimeout: "10s"
    accessLogFile: /dev/stdout
    defaultConfig:
      tracing:
        sampling: "100"
  components:
    ingressGateways:
       - name: istio-ingressgateway
         enabled: true
         k8s:
           service:
             externalTrafficPolicy: Local
             loadBalancerIP: <OUR_PUBLIC_IP_OBJECT_IN_AZURE_FOR_ISTIO>
           serviceAnnotations:
             service.beta.kubernetes.io/azure-dns-label-name: "demo-istio"
           overlays:
            - apiVersion: apps/v1
              kind: Deployment
              name: istio-ingressgateway
              patches:
              - path: kind
                value: DaemonSet

If we disable the Overlays part, deployment succeeds but we get the ingress gateway pod only on one node.

According to this documentation, we have to deploy the ingressgateway as DaemonSet for it to be deployed on every node in the cluster. (" However, you must run an ingress gateway pod on every node.", it says)

We tried with Istio Operator v1.10.0 or 1.10.1 without any luck on either version.

Do you have any insight on why this spec.strategy error is happening?

Best Regards from France,

2 Likes
2

Maybe you’ve solved this, but for future reference / visitors:

...
           overlays:
                ...
                # can leave value unset to delete the node
                # ref: https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#K8sObjectOverlay-PathValue
                - path: spec.strategy
                  value:
                # this is the default value for ds.spec.updateStrategy.rollingUpdate ...
                - path: spec.updateStrategy
                  value:
                    rollingUpdate:
                      maxUnavailable: 1
3 Likes
3

Thank you!

This did the trick!

Best Regards from France!

4

hello,
we have the same problem and im not sure where i need to add this …thank you

5

Greetings,

You should apply this on your IstioOperator ymal config file

Hope this helps!

Here is our current one:


apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: istio-config
spec:
  #tag: latest
  #revision: 1-11-1
  profile: default
  meshConfig:
    connectTimeout: "10s"
    accessLogFile: /dev/stdout
    enableTracing: true
    h2UpgradePolicy: DO_NOT_UPGRADE
    defaultConfig:
       holdApplicationUntilProxyStarts: true
    #  tracing:
    #    sampling: "100"
  components:
    ingressGateways:
       - name: istio-ingressgateway
         enabled: true
         k8s:
           service:
             externalTrafficPolicy: Local
             loadBalancerIP: 10.188.62.100
           overlays:
           - apiVersion: apps/v1
             kind: Deployment
             name: istio-ingressgateway
             patches:
             - path: kind
               value: DaemonSet
             # can leave value unset to delete the node
             # ref: https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#K8sObjectOverlay-PathValue
             - path: spec.strategy
               value:
                 # this is the default value for ds.spec.updateStrategy.rollingUpdate 
             - path: spec.updateStrategy
               value:
                 rollingUpdate:
                   maxUnavailable: 1