Istio installation for production

Hi,

For our deployment, we would like to not download the docker images from the internet (dockerhub) everytime.

Meaning we want to get all images for istio-init and istio and store it in our local repository. This step is required for security/certification etc.

Question 1
Now Istio-init and Istio are made up of multiple disparate pieces (meaning there are many docker images). What’s the best way to source all of these. Is there are quick way to get all these images as collection ?

Question 2
And finally this also means the helm charts would now need to point to the local repo. What’s the best way to alter the charts to point to the local repository ? I’m asking this question from future maintainability when newer versions of istio are released how can I get them installed (from local source) with NO or minimal changes to the chart ?

Appreciate your help on this.

Hi @howardjohn, can you pls take a look and suggest

There is a dump of all our docker files here https://gcsweb.istio.io/gcs/istio-prerelease/prerelease/1.3.0/docker/ as well as the charts . You can use all of those. Not sure why we only seem to push it as prerelease though… in 1.4 this will be fixed

1 Like

Awesome @howardjohn … I’ll try this

As always, appreciate all your help !

@howardjohn Just to confirm, I presume this includes the images required for istio-init too right ?

@howardjohn

Where should we get the images for the Jobs in the istio-init.

All Jobs source their images from -

image: "{{ .Values.global.hub }}/kubectl:{{ .Values.global.tag }}"

which translates to -

image: "docker.io/istio/kubectl:1.3.0"

I think I got it. Its here: kubectl.tar.gz

Let me try this out.

This works, thanks !

Hi @adurai81, would you mind listing out the steps you followed to make this work? I also need the images to be stored on and pulled from our servers per company policy.

When I did the Quick Install, I had to update the image tags in the demo yaml to point to the ones that I re-tagged and uploaded to our registry. I’d like to know how you did it with helm, for both the initial installation and later upgrades.

Thanks. I’d appreciate your help.
J

Here you go -

Download all *.tar.gz files from here - https://gcsweb.istio.io/gcs/istio-prerelease/prerelease/1.3.0/docker/?_ga=2.165127098.422668329.1574098587-587022560.1551850026

Following steps must be repeated for each image -

Load the image - docker load --quiet --input app_sidecar.tar.gz

Tag the image for push to load registry - 'docker tag istio/sidecar_injector:1.3.0:1.3.0 *.ocir.io/test/istio/sidecar_injector:1.3.0:1.3.0`

Push the image to the registry - docker push *.ocir.io/test/istio/sidecar_injector:1.3.0

Once images are available in the registry, you would need to modify the helm chart to point to the registry here - https://github.com/istio/istio/blob/9eee14d60c6c76d9f11b0f1fe03691f1b5e6b2d6/install/kubernetes/helm/istio/values.yaml#L110

1 Like

Thanks. It’s very similar to what I did, except that I used quick install to load all the images and I used quick install again on another box after updating the demo yaml to point to my uploaded images.

Have you tried upgrading? I’m not that familiar with Helm yet. Is it just a matter of performing the same steps with a new helm chart?

Thanks again,
J

Hi @howardjohn,

Is there now a release version of this URL?

Thanks,
J