Istio installation for production

Hi,

For our deployment, we would like to not download the docker images from the internet (dockerhub) every time.

Meaning we want to get all images for istio-init and istio and store them in our local repository. This step is required for security/certification etc.

Question 1
Now Istio-init and Istio are made up of multiple disparate pieces (meaning there are many docker images). What’s the best way to source all of these? Is there a quick way to get all these images as a collection?

Question 2
And finally this also means the helm charts would now need to point to the local repo. What’s the best way to alter the charts to point to the local repository? I’m asking this question with future maintainability in mind: when newer versions of Istio are released, how can I get them installed (from local source) with NO or minimal changes to the chart?

Appreciate your help on this.

Hi @howardjohn, can you pls take a look and suggest

There is a dump of all our docker files here https://gcsweb.istio.io/gcs/istio-prerelease/prerelease/1.3.0/docker/ as well as the charts. You can use all of those. Not sure why we only seem to push it as prerelease though… in 1.4 this will be fixed


Awesome @howardjohn … I’ll try this

As always, appreciate all your help !

@howardjohn Just to confirm, I presume this includes the images required for istio-init too right ?

@howardjohn

Where should we get the images for the Jobs in istio-init?

All Jobs source their images from -

image: "{{ .Values.global.hub }}/kubectl:{{ .Values.global.tag }}"

which translates to -

image: "docker.io/istio/kubectl:1.3.0"

I think I got it. It’s here: kubectl.tar.gz

Let me try this out.

This works, thanks !

Hi @adurai81, would you mind listing out the steps you followed to make this work? I also need the images to be stored on and pulled from our servers per company policy.

When I did the Quick Install, I had to update the image tags in the demo yaml to point to the ones that I re-tagged and uploaded to our registry. I’d like to know how you did it with helm, for both the initial installation and later upgrades.

Thanks. I’d appreciate your help.
J

Here you go -

Download all *.tar.gz files from here - https://gcsweb.istio.io/gcs/istio-prerelease/prerelease/1.3.0/docker/?_ga=2.165127098.422668329.1574098587-587022560.1551850026

Following steps must be repeated for each image -

Load the image - `docker load --quiet --input app_sidecar.tar.gz`

Tag the image for push to local registry - `docker tag istio/sidecar_injector:1.3.0 *.ocir.io/test/istio/sidecar_injector:1.3.0`

Push the image to the registry - `docker push *.ocir.io/test/istio/sidecar_injector:1.3.0`

Once images are available in the registry, you would need to modify the helm chart to point to the registry here - https://github.com/istio/istio/blob/9eee14d60c6c76d9f11b0f1fe03691f1b5e6b2d6/install/kubernetes/helm/istio/values.yaml#L110

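The load, tag and push steps from the post above, looped over every downloaded tarball, as an added example that is not code from this thread or from the Istio project. It takes image names from docker's "Loaded image:" lines instead of guessing them from file names, and builds each target as hub/name:tag the way the chart template quoted earlier does; the script name, the hub value and the directory of tarballs are assumptions.

```shell
#!/bin/sh
# Added example: mirror Istio image tarballs into a private registry.
# The hub and tarball directory are placeholders supplied by the caller.
set -eu

DOCKER="${DOCKER:-docker}"   # overridable so the functions can be run against a stub

# target_ref HUB SOURCE_REF -> HUB/name:tag
# Keeps only the last path component, matching the chart template
# "{{ .Values.global.hub }}/kubectl:{{ .Values.global.tag }}".
target_ref() (
  hub="${1%/}"; leaf="${2##*/}"
  case "$leaf" in
    *:*) printf '%s/%s\n' "$hub" "$leaf" ;;
    *)   echo "refusing untagged reference '$2'" >&2; exit 1 ;;
  esac
)

# loaded_refs: read `docker load` output on stdin and print the tagged
# references it reports. "Loaded image ID: sha256:..." lines (untagged
# images) do not match and are skipped.
loaded_refs() {
  sed -n 's/^Loaded image: //p'
}

# mirror_tarball HUB FILE: load one tarball, retag each image under HUB,
# push it, and print the pushed reference on stdout.
mirror_tarball() (
  hub="$1"; file="$2"
  out="$("$DOCKER" load --input "$file")"   # aborts here if the load fails
  printf '%s\n' "$out" | loaded_refs | while read -r src; do
    dst="$(target_ref "$hub" "$src")"
    "$DOCKER" tag "$src" "$dst"
    "$DOCKER" push "$dst" >&2               # keep stdout for the result list
    echo "$dst"
  done
)

# Usage: ./mirror.sh HUB DIR   (DIR holds the downloaded *.tar.gz files)
if [ "$#" -eq 2 ]; then
  for f in "$2"/*.tar.gz; do
    mirror_tarball "$1" "$f"
  done
fi
```

The hub passed to the script is the same value to set as `global.hub` in the chart or with `--set hub=` on istioctl.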

Thanks. It’s very similar to what I did, except that I used quick install to load all the images and I used quick install again on another box after updating the demo yaml to point to my uploaded images.

Have you tried upgrading? I’m not that familiar with Helm yet. Is it just a matter of performing the same steps with a new helm chart?

Thanks again,
J

Hi @howardjohn,

Is there now a release version of this URL?

Thanks,
J

@howardjohn Is this the right link to download images for Istio v1.4.0 ?

https://gcsweb.istio.io/gcs/istio-prerelease/prerelease/1.4.0/docker/

Or should I pick

charts from ?
https://gcsweb.istio.io/gcs/istio-release/releases/1.4.0/charts/

and images from ?
https://gcsweb.istio.io/gcs/istio-release/releases/1.4.0/docker/

I downloaded all related images for version 1.6.5 from GCS browser: istio-release

And followed steps given by @adurai81 to push images to my local docker repo. And then

istioctl manifest generate --set profile=demo --set hub=my-repo:5000

istioctl install --set profile=demo --set hub=my-repo:5000

But this fails with

✔ Istio core installed
✘ Istiod encountered an error: failed to wait for resource: resources not ready after 5m0s: timed out waiting for the condition
Deployment/istio-system/istiod
✘ Egress gateways encountered an error: failed to wait for resource: resources not ready after 5m0s: timed out waiting for the condition
Deployment/istio-system/istio-egressgateway
✘ Ingress gateways encountered an error: failed to wait for resource: resources not ready after 5m0s: timed out waiting for the condition
Deployment/istio-system/istio-ingressgateway
✘ Addons encountered an error: failed to wait for resource: resources not ready after 5m0s: timed out waiting for the condition
Deployment/istio-system/prometheus

  • Pruning removed resources
Error: failed to apply manifests: errors occurred during operation

We do not use helm for the installation; we would like to know how to do the installation using the istioctl tool.