Per the docs, the recommended way to install Istio is using istioctl. The Helm way will be deprecated in the future. However, for upgrade, using istioctl is experimental. And Helm will only upgrade installations that were installed using Helm.
That makes it hard to pick the installation method to use. Seems like I should use Helm as I don’t think I’d want to rely on an experimental feature for upgrade. However,…
For how much longer are you keeping Helm as an installation method?
If/when Helm disappears and I installed mine using istioctl, what would be my options, if any, besides uninstalling my current version and then installing the new version from scratch?
What have others been using for both install and upgrade?
It seems like most people are still using helm. Anyone using istioctl for installation? The “manifest” command does not work for me. Are these commands not built into the executable? Do I need something else?
The istioctl manifest command is new in Istio 1.4. It is not available in earlier versions (edit: Thanks Martin for the correction.) It was experimental in 1.3.
It’s experimental in 1.3 i.e. use “istioctl x manifest apply”
Jaid, regarding using Helm vs. istioctl, for new installations we do recommend istioctl. Although istioctl upgrade is experimental in 1.4, we plan to move it to beta in 1.5 - so you will be able to use upgrade to go from 1.4 to 1.5 without any issues.
For upgrading patch versions, I don’t think there should be any problem with upgrade; patch versions typically don’t make any API changes and most of upgrade command functionality is around checking for API changes during upgrade. We do plan to test upgrade command for 1.4.x -> 1.4.(x+1) and any errors are likely to be of the flavor of “cannot find this field to validate against the schema”, not something that would actually break your install.
Thanks. I just tried it. It doesn’t look like the experimental version supports “–set profile”, does it? It doesn’t show up in the help. I tried it anyway but got the same result with and without it.
Btw, if I wanted just the Ingress gateway for now, would “minimal” cut it? I thought I’d read one earlier post recommending that we do a full install anyway. It’d be great to get an updated (and official) answer now. (I actually do not see Ingress gateway checked under minimal. Shouldn’t it be? I thought minimal included Traffic Management, which I take to be Ingress?)
Also, I’m unclear on what you said about patch versions. You had said there should be no problem with upgrade. But were you referring to upgrade via istioctl or via helm? If I install 1.4.0 now using istioctl and you come up with 1.4.1, which upgrade method can/should I use?
Hi, that’s correct, upgrade doesn’t support --set because we want to discourage the use of --set in favor of passing in an IstioControlPlane CR YAML for anything except experimenting. --set is a convenience to quickly try something out, but doesn’t seem like a good idea to use it with upgrade because it’s easy to make a mistake once you have more than a couple of customizations.
Having said that, if users really want it we’ll put it in…
For installing a gateway only, minimal is a good starting point. You’d just have to pass --set profile=minimal,gateways.enabled=true to istioctl (or use an ICP YAML file ;-)).
There should be no problem using the upgrade command to go from 1.4.0 to 1.4.x, even though it’s marked experimental. Upgrade mostly just validates that API and default value changes are compatible between source and target versions and it’s very unlikely that there would be such changes in 1.4.0->1.4.x. And even if there are, we will add those into 1.4.x upgrade command and we will be testing that the command works for such patch version changes.
Thank you again. Re profiles, I was actually referring to installation. The experimental manifest command in 1.3.5 does not seem to support profiles, does it?
EDIT: There’s actually a set command in the help, but my “–set profile=minimal” did not work. I see the same amount of objects created with and without it.
Thank you for all your help. Not sure what you mean by trying with an ICP CR. Please elaborate only if it’s no trouble at all.
I’m inclined to just go ahead and install 1.4.0. The only reason I’m trying 1.3.5 is so that I can try to upgrade to 1.4.0 afterwards. But seeing how the installation and upgrade have changed between 1.3.x and 1.4.x, I don’t think I should invest any more time on it.
Just like someone else in this forum, I need to push the images to our own registry. Is there a better URL than this (i.e. is there a release counterpart)?
Oh, I cannot pull Docker images from there, unless I guess I do it from a public network. That was the problem I was trying to get around using the tar.gz’s. Do you have tar.gz’s of the release images anywhere, similar to the ones on that prerelease URL?
When I was evaluating 1.3.3 using Quick Install, my requests would fail if I brought down policy. And when sidecar-injector wasn’t running, then new pods would not come up.
The release tar gz’s are on Github: https://github.com/istio/istio/releases/
You don’t need policy or sidecar-injector. Only if policy is originally installed and you bring it down, requests will fail.