istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Refinements to the operator blog post (#5480) 

* Test of the docs checks

* Refinements to the operator blog post

Change ordered lists to unordered lists
Remove forward looking statements
Edit for clarity

* Self-review

* Address review comments.

* Address linting problems.

* Lint cleanup

* Little more tidy

* Address reviewer comments
This commit is contained in:
Steven Dake 2019-11-10 19:27:53 -07:00 committed by Istio Automation
parent 8237a09c01
commit fe2530bbe6
1 changed files with 45 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
content/en/blog/2019/introducing-istio-operator/index.md
View File

@ -9,39 +9,39 @@ target_release: 1.4
--- ---
Kubernetes [operators](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) provide Kubernetes [operators](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) provide
a pattern for encoding human operations knowledge in software and are a popular way to simplify a pattern for encoding human operational knowledge in software and are a popular way to simplify
the administration of software infrastructure components. the administration of software infrastructure components. Istio is aa natural candidate for an automated
Because Istio is complex to administer, it's a natural candidate for an operator. operator as it is challenging to administer.
Up until now, [Helm](https://github.com/helm/helm) has been the primary tool to install and upgrade Istio. [Helm](https://github.com/helm/helm) has been the primary tool to install and upgrade Istio.
This approach worked well but had some disadvantages: The new installation mechanism builds on the strengths of Helm with the addition of the
following characteristics:
1. Users need to install another tool. - Users install only one tool: `istioctl`
1. Supporting Istio's many small specializations cause Helm templates to become unwieldy. - All API fields are validated
1. Helm configurations are difficult to validate using Istio's proto-based APIs. - Small customizations not in the API do not require chart or API changes
1. Upgrades sometimes require Istio specific hooks that have been difficult to implement and maintain with Helm. - Version specific upgrade hooks can be easily and robustly implemented
Starting with Istio 1.4, the [Helm installation](/docs/setup/install/helm/) approach has been deprecated Istio 1.4 introduces a new method of [installation using {{< istioctl >}}](/docs/setup/install/istioctl/).The
in favor of a new [installation using {{< istioctl >}}](/docs/setup/install/istioctl/) approach. [Helm installation](/docs/setup/install/helm/) method is in the process of deprecation. Upgrading from Istio
Upgrading from Istio 1.4 onward (that is, versions not initially installed with Helm) 1.4 with a version not initially installed with Helm is done using the
will also be done using a new [{{< istioctl >}} upgrade feature](/docs/setup/upgrade/istioctl-upgrade/). [{{< istioctl >}} upgrade feature](/docs/setup/upgrade/istioctl-upgrade/).
The new `istioctl` commands use a The `istioctl` operator commands use a
[Custom Resource Definition (CRD)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) [Custom Resource (CRD)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) to configure the installation. The CRD is part of a new Istio operator
to configure the installation. implementation intended to simplify the common administrative tasks of installation, upgrade,
The CRD is part of a new Istio operator implementation intended to simplify the common administrative tasks of and complex configuration changes for Istio. Validation and checking for installation and upgrade
installation, upgrade, and complex configuration changes for Istio. is tightly integrated with the tools to prevent
Validation and checking for installation and upgrade is tightly integrated with the tools to prevent
common errors and simplify troubleshooting. common errors and simplify troubleshooting.
## Istio Control Plane API ## The `IstioControlPlane` API
Every operator implementation requires a Every operator implementation requires a
[custom resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) [custom resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)
to define its API. Istio's operator API is defined by the to define its API. Istio's operator API is defined by the
[`IstioControlPlane` CRD](/docs/reference/config/istio.operator.v1alpha12.pb/), [`IstioControlPlane` CRD](/docs/reference/config/istio.operator.v1alpha12.pb/),
which is generated from which is generated from
[this proto](https://github.com/istio/operator/blob/release-1.4/pkg/apis/istio/v1alpha2/istiocontrolplane_types.proto). [the `IstioControlPlane` proto](https://github.com/istio/operator/blob/release-1.4/pkg/apis/istio/v1alpha2/istiocontrolplane_types.proto).
The API supports all of Istio's current [configuration profiles](/docs/setup/additional-setup/config-profiles/) The API supports all of Istio's current [configuration profiles](/docs/setup/additional-setup/config-profiles/)
using a single field to select the profile. For example, the following `IstioControlPlane` resource using a single field to select the profile. For example, the following `IstioControlPlane` resource
configures Istio using the `demo` profile: configures Istio using the `demo` profile:
@ -76,11 +76,11 @@ The recommended way to use the Istio operator API is through a new set of `istio
For example, to install Istio into a cluster: For example, to install Istio into a cluster:
{{< text bash >}} {{< text bash >}}
$ istioctl manifest apply -f <your-istiocontrolplane-config> $ istioctl manifest apply -f <your-istiocontrolplane-customresource>
{{< /text >}} {{< /text >}}
Make changes to the installation configuration by editing the configuration Make changes to the installation configuration by editing the configuration file and executing
file and calling `istioctl manifest apply` again. `istioctl manifest apply` again.
To upgrade to a new version of Istio: To upgrade to a new version of Istio:
@ -95,17 +95,16 @@ the `istioctl` commands can also be passed individual settings using a `--set` f
$ istioctl manifest apply --set telemetry.enabled=false $ istioctl manifest apply --set telemetry.enabled=false
{{< /text >}} {{< /text >}}
There are also a number of other `istioctl` commands that, for example, There are also a number of other `istioctl` commands that, for example, help you list, display,
help you list, display, and compare configuration profiles and manifests. and compare configuration profiles and manifests.
Refer to the Istio [install instructions](/docs/setup/install/istioctl) for more details. Refer to the Istio [install instructions](/docs/setup/install/istioctl) for more details.
## Istio Controller (alpha) ## Istio Controller (alpha)
Operator implementations use a Kubernetes controller to continuously monitor their Operator implementations use a Kubernetes controller to continuously monitor their custom resource objects
API resource and apply the corresponding configuration changes. and apply the corresponding configuration changes. The Istio controller monitors an `IstioControlPlane`
In Istio's case, the controller monitors and reacts to changes in an resource and implements cluster changes updating the Istio installation configuration.
`IstioControlPlane` resource for a cluster by updating the Istio installation configuration.
In the 1.4 release, the Istio controller is in the alpha phase of development and not fully In the 1.4 release, the Istio controller is in the alpha phase of development and not fully
integrated with `istioctl`. It is, however, integrated with `istioctl`. It is, however,
@ -127,12 +126,11 @@ $ kubectl edit istiocontrolplane example-istiocontrolplane -n istio-system
As soon as the resource is updated, the controller will detect the changes and respond by updating As soon as the resource is updated, the controller will detect the changes and respond by updating
the Istio installation correspondingly. the Istio installation correspondingly.
Both the operator controller and `istioctl` commands share the same code. Both the operator controller and `istioctl` commands share the same implementation. The significant
The main difference is the execution context. difference is the execution context. In the `istioctl` case, the operation runs in the admin users
In the `istioctl` case, the operation runs in the admin users command execution and command execution and security context. In the controller case, a pod in the cluster runs the code
security context, while in the controller case, a pod in the cluster runs the code in its security context. in its security context. In both cases, configuration is validated against a schema and the same correctness
In both cases, they validate configuration schemas and perform the same range of checks for installation checks are performed.
change or upgrade.
## Migration from Helm ## Migration from Helm
@ -152,22 +150,22 @@ You can use this `istioctl` command:
$ istioctl manifest generate ... --set values.global.mtls.enabled=true $ istioctl manifest generate ... --set values.global.mtls.enabled=true
{{< /text >}} {{< /text >}}
You can also set Helm configuration values in an `IstioControlPlane` configuration resource. You can also set Helm configuration values in an `IstioControlPlane` custom resource.
See [Customize Istio settings using Helm](/docs/setup/install/istioctl/#customize-istio-settings-using-the-helm-api) See [Customize Istio settings using Helm](/docs/setup/install/istioctl/#customize-istio-settings-using-the-helm-api)
for details. for details.
Another feature to help with the transition from Helm is the alpha Another feature to help with the transition from Helm is the alpha
[{{< istioctl >}} manifest migrate](/docs/reference/commands/istioctl/#istioctl-manifest-migrate) command. [{{< istioctl >}} manifest migrate](/docs/reference/commands/istioctl/#istioctl-manifest-migrate) command.
This command can be used to automatically convert a Helm `values.yaml` file to a corresponding `IstioControlPlane` This command can be used to automatically convert a Helm `values.yaml` file to a corresponding
configuration. `IstioControlPlane` configuration.
## Implementation ## Implementation
Several frameworks have been created to help implement operators by generating stubs Several frameworks have been created to help implement operators by generating stubs for some or all of
for some or all of the components. The Istio operator was created with the help of a combination of the components. The Istio operator was created with the help of a combination of
[kubebuilder](https://github.com/kubernetes-sigs/kubebuilder) [kubebuilder](https://github.com/kubernetes-sigs/kubebuilder) and
and [operator framework](https://github.com/operator-framework), [operator framework](https://github.com/operator-framework). Istio's installation now uses a proto to
but follows the Istio convention of using a proto to represent the API. describe the API such that runtime validation can be executed against a schema.
More information about the implementation can be found in the README and ARCHITECTURE documents More information about the implementation can be found in the README and ARCHITECTURE documents
in the [Istio operator repository](https://github.com/istio/operator). in the [Istio operator repository](https://github.com/istio/operator).
@ -182,14 +180,8 @@ The new `istioctl` commands and operator controller both validate configuration
checks for installation change or upgrade. These checks are tightly integrated with the tools to prevent checks for installation change or upgrade. These checks are tightly integrated with the tools to prevent
common errors and simplify troubleshooting. common errors and simplify troubleshooting.
Going forward, we hope that this new approach will improve the user experience during Istio installation The Istio maintainers expect that this new approach will improve the user experience during Istio
and upgrade, better stabilize the installation API, and help users better manage and monitor their installation and upgrade, better stabilize the installation API, and help users better manage and
Istio installations. Future work includes: monitor their Istio installations.
- `istioctl` and the controller will support canary based upgrades.
- the controller will continuously monitor and report on the health of Istio components
and `istioctl` will report health whenever manifest commands are run.
- `istioctl manifest apply` option to read the `IstioControlPlane` resource from the cluster.
- `istioctl operator init` and `istioctl operator remove` commands to install and remove the controller.
We welcome your feedback about the new installation approach at [discuss.istio.io](https://discuss.istio.io/). We welcome your feedback about the new installation approach at [discuss.istio.io](https://discuss.istio.io/).