SInce CITADEL can have only one replica and PDB set to 1, not able to drain the node, anyone faced this issue?
Yep, PDBs are a bit of a mess in Istio (when installed with istioctl). The istio-injector PDB is also problematic as the matchLabels are incorrect, so it doesn’t match anything…
I’ve taken to breaking the istio-citadel pdb with an overlay:
citadel:
enabled: true
k8s:
replicaCount: 1
overlays:
- kind: PodDisruptionBudget
name: istio-citadel
patches:
- path: .spec.selector.matchLabels.app
value: deliberately-broken
For some reason, I couldn’t override or get rid of the minAvailable: 1
I also “fixed” the problematic sidecar-injector pdb with an overlay:
injector:
enabled: true
k8s:
replicaCount: 2
overlays:
- kind: PodDisruptionBudget
name: istio-sidecar-injector
patches:
- path: .spec.selector.matchLabels.app
value: sidecarInjectorWebhook