Hi,
We wanted all images to come from our ACR and not for Docker. What images we should import to our ACR to keep Istio working fine?
Hi,
We wanted all images to come from our ACR and not for Docker. What images we should import to our ACR to keep Istio working fine?
There is this blog post that tells you how you can host Istio images into your private registry.
Thanks…Exactly, I did it but getting below error while creating any pod with sidecar - not sure it is because of it or with Istio latest version 1.10.3 with AKS latest 1.21.2
2m29s Warning FailedCreate replicaset/reviews-v3-84779c7bbc Error creating: Internal error occurred: failed calling webhook “namespace.sidecar-injector.istio.io”: Post “https://istiod.istio-system.svc:443/inject?timeout=10s”: context deadline exceeded
24s Warning FailedCreate replicaset/reviews-v3-84779c7bbc Error creating: Internal error occurred: failed calling webhook “namespace.sidecar-injector.istio.io”: Post “https://istiod.istio-system.svc:443/inject?timeout=10s”: context deadline exceeded
What would happen if you try to spin up a pod with this image replicated?
For example:
kubectl run my-test-pod --image=my-registry/proxyv2:YOUR_ISTIO_VERSION?
Here’s my example. It doesn’t work because the proxyv2 expects some config files, but at least it can pull from another registry:
$ kubectl run my-own-pod --image=gcr.io/istio-release/proxyv2:1.10.3
pod/my-own-pod created
$ kubectl get pods my-own-pod
NAME READY STATUS RESTARTS AGE
my-own-pod 0/1 CrashLoopBackOff 1 14s
$ kubectl describe pods my-own-pod
(...)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 20s default-scheduler Successfully assigned default/my-own-pod to gke-XXXXXXX
Normal Pulling 19s kubelet Pulling image "gcr.io/istio-release/proxyv2:1.10.3"
Normal Pulled 13s kubelet Successfully pulled image "gcr.io/istio-release/proxyv2:1.10.3" in 5.995224195s
Normal Created 10s (x2 over 11s) kubelet Created container my-own-pod
Normal Started 10s (x2 over 10s) kubelet Started container my-own-pod
Normal Pulled 10s kubelet Container image "gcr.io/istio-release/proxyv2:1.10.3" already present on machine
Warning BackOff 8s (x2 over 9s) kubelet Back-off restarting failed container
Before testing with these steps, just wanted to tell you that behavior is same even when I removed hub entry and re-ran it…
Ah ok.
Well, unfortunately I don’t have a clue.
We have the same requirement. We went with an IstioOperator based install.
kubectl create namespace istio-operator
kubectl create namespace istio-system
kubectl apply -f file-with-secrets-to-repo-in-istio-system-namespace.yaml
kubectl apply -f file-with-secrets-to-repo-in-istio-operator-namespace.yaml
istioctl operator init --hub ${HUB_STRING} --imagePullSecrets ${CREDS}
cat > istio-operator.yaml << EOF
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: myistiooperator
spec:
profile: default
components:
ingressGateways:
- name: istio-ingressgateway
values:
global:
hub: ${HUB_STRING}
imagePullSecrets:
- ${CREDS}
EOF
kubectl apply -f istio-operator.yaml
We’ve got 1.9.4 in production with this setup.
-Javier
Additionally, we copied over operator, pilot, and proxyv2 into our ACR.
-Javier