Failing to deploy istio ingressgateway as DaemonSet

gc_sebastienle · June 15, 2021, 10:51am

Greetings,

We have a Azure Kubernetes Service running for our apps. We are trying to use Istio as a frontal ingress gateway. We are experiencing issues while trying to deploy the ingress gateway pod as DaemonSet.
Our version of Kubernetes are 1.19.7. We also tried it with 1.19.11.

We tried the following configuration after deploying Istio Operator either by using IstioCtl or with Helm chart.
In both cases, we get the following error …

info	installer	using server side apply to update obj: DaemonSet/istio-system/istio-ingressgateway
error	installer	failed to update resource with server-side apply for obj DaemonSet/istio-system/istio-ingressgateway: failed to create typed patch object: .spec.strategy: field not declared in schema
 - Pruning removed resources
 ✘ Ingress gateways encountered an error: failed to update resource with server-side apply for obj DaemonSet/istio-system/istio-ingressgateway: failed to create typed patch object: .spec.strategy: field not declared in schema

… when applying the following configuration:

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: istio-config
spec:
  profile: demo
  meshConfig:
    connectTimeout: "10s"
    accessLogFile: /dev/stdout
    defaultConfig:
      tracing:
        sampling: "100"
  components:
    ingressGateways:
       - name: istio-ingressgateway
         enabled: true
         k8s:
           service:
             externalTrafficPolicy: Local
             loadBalancerIP: <OUR_PUBLIC_IP_OBJECT_IN_AZURE_FOR_ISTIO>
           serviceAnnotations:
             service.beta.kubernetes.io/azure-dns-label-name: "demo-istio"
           overlays:
            - apiVersion: apps/v1
              kind: Deployment
              name: istio-ingressgateway
              patches:
              - path: kind
                value: DaemonSet

If we disable the Overlays part, deployment succeeds but we get the ingress gateway pod only on one node.

According to this documentation, we have to deploy the ingressgateway as DaemonSet for it to be deployed on every node in the cluster. (" However, you must run an ingress gateway pod on every node.", it says)

We tried with Istio Operator v1.10.0 or 1.10.1 without any luck on either version.

Do you have any insight on why this spec.strategy error is happening?

Best Regards from France,

so0k · July 13, 2021, 6:16pm

Maybe you’ve solved this, but for future reference / visitors:

...
           overlays:
                ...
                # can leave value unset to delete the node
                # ref: https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#K8sObjectOverlay-PathValue
                - path: spec.strategy
                  value:
                # this is the default value for ds.spec.updateStrategy.rollingUpdate ...
                - path: spec.updateStrategy
                  value:
                    rollingUpdate:
                      maxUnavailable: 1

gc_sebastienle · August 2, 2021, 3:44pm

Thank you!

This did the trick!

Best Regards from France!

Natali_mahmali · November 18, 2021, 3:46pm

hello,
we have the same problem and im not sure where i need to add this …thank you

gc_sebastienle · November 19, 2021, 10:53am

Greetings,

You should apply this on your IstioOperator ymal config file

Hope this helps!

Here is our current one:


apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: istio-config
spec:
  #tag: latest
  #revision: 1-11-1
  profile: default
  meshConfig:
    connectTimeout: "10s"
    accessLogFile: /dev/stdout
    enableTracing: true
    h2UpgradePolicy: DO_NOT_UPGRADE
    defaultConfig:
       holdApplicationUntilProxyStarts: true
    #  tracing:
    #    sampling: "100"
  components:
    ingressGateways:
       - name: istio-ingressgateway
         enabled: true
         k8s:
           service:
             externalTrafficPolicy: Local
             loadBalancerIP: 10.188.62.100
           overlays:
           - apiVersion: apps/v1
             kind: Deployment
             name: istio-ingressgateway
             patches:
             - path: kind
               value: DaemonSet
             # can leave value unset to delete the node
             # ref: https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#K8sObjectOverlay-PathValue
             - path: spec.strategy
               value:
                 # this is the default value for ds.spec.updateStrategy.rollingUpdate 
             - path: spec.updateStrategy
               value:
                 rollingUpdate:
                   maxUnavailable: 1

Topic		Replies	Views
Isitio 1.6.11 set ingress gateway to be deployed as daemonset Config	6	3088	October 5, 2020
Istio-ingressgateway Deployment to DaemonSet Networking	1	3032	May 6, 2021
Istio Ingress gateway on Istio 1.10	1	799	September 13, 2021
Istio-ingressgateway fails to start	6	6968	July 5, 2020
K8s error event updating endpoint for istio-ingressgateway	0	1529	January 5, 2021

Failing to deploy istio ingressgateway as DaemonSet

Related topics