resf / istio Goto Github PK

View Code? Open in Web Editor NEW

167.0 10.0 38.0 233 KB

istio offical suppport for arm64 will land since v1.15. now v1.16 release, this project archived.

License: The Unlicense

Makefile 100.00%

oci istio arm64 amd64

istio's Introduction

Istio OCI Images (`linux/arm64, linux/amd64`)

This repo is for building oci images for istio stacks (until official supports).

How to use?

using images under ghcr.io/resf/istio

Environment Requirements

make sure aarch64 (32bit is not supported. because of the envoy, with needs google wee8)

Install Istio Operator

Same as https://istio.io/latest/docs/setup/install/operator, but with --hub

$ istioctl operator init --hub=ghcr.io/resf/istio

Install Istio

Same as https://istio.io/latest/docs/setup/install

$ kubectl create ns istio-system
$ kubectl apply -f - <<EOF
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: example-istiocontrolplane
spec:
  hub: ghcr.io/resf/istio
  profile: demo
EOF

notice the spec.hub, if deploy failed on arm64 hosts. should set spec.components.*.k8s.affinity, like

since 1.10.x, values.global.arch deprecated , we may not need this any more.

spec:
  components:
    pilot:
      k8s: # each components have to set this
        affinity: &affinity
          nodeAffinity:
            requiredDuringSchedulingIgnoredDuringExecution:
              nodeSelectorTerms:
                - matchExpressions:
                    - key: kubernetes.io/arch
                      operator: In
                      values:
                        - arm64
                        - amd64
    egressGateways:
      - name: "istio-egressgateway"
        k8s:
          affinity: *affinity
    ingressGateways:
      - name: "istio-ingressgateway"
        k8s:
          affinity: *affinity

Notice

all images tag version without v prefix like official did
Release only the supported releases

%%{init:{'theme':'base'}}%%
flowchart TD
    dependabot
    
    ga_build_tools("github actions build-tools")
    
    subgraph ga_isito ["github actions istio"]
        build_envoy_arm64["build envoy for arm64"]
        build_istio["build istio"]
        
        build_envoy_arm64
        --> build_istio
    end   
    
    build_tools_images("ghcr.io/resf/istio/build-tools[-proxy]:release-<VERSION_MINOR>-latest")
    istio_images("ghcr.io/resf/istio/*:<VERSION>*[-distroless]")
    
    dependabot
    -->|"upgrade if need"|gitmodules("tools commitsha in gitmodules")
    -->|"merge & trigger"|ga_build_tools 
    -->|"build & push"|build_tools_images
    
    dependabot
    -->|"upgrade if need"|Dockerfile("patch version in Dockerfile.version")
    -->|"merge & trigger"|ga_isito
    -->|"build & push"|istio_images

istio's People

Contributors

Stargazers

Watchers

istio's Issues

您好，NodePort的端口可以指定吗？

现在装完的istio，nodeport的端口是随机的，我是mac系统，用kind做的kubernetes的集群，docker没有网桥，不能直接和集群通信，只能通过kind的配置文件，映射nodeport来和集群通信，每次修改kind集群的nodeport配置，都需要把集群删除再重新创建才行，但是重新创建后，istio一重装，端口又不一样了，导致现在没法正常使用istio，请问有什么办法解决吗？感谢！

libwee8.a does not exist

Move compiled library to the expected destinations.

popd
mv $ROOT/wee8/out/wee8/obj/libwee8.a bazel-out/aarch64-opt/bin/external/com_googlesource_chromium_v8/libwee8.a
')
ERROR: /tmp/bazel/_bazel_root/858f7022510154a9c012e8908a11b859/external/com_googlesource_chromium_v8/BUILD.bazel:33:8: Executing genrule @com_googlesource_chromium_v8//:build failed: (Exit 1): process-wrapper failed: error executing command

Your .dependabot/config.yml contained invalid details

Dependabot encountered the following error when parsing your .dependabot/config.yml:

The property '#/' did not contain a required property of 'update_configs'
The property '#/' contains additional properties ["updates"] outside of the schema when none are allowed
The property '#/version' value 2 did not match one of the following values: 1

Please update the config file to conform with Dependabot's specification using our docs and online validator.

Error in operator pod

I used the 1.9.1 operator release as mentioned in the readme & I get the following log in the operator pod.

2022-01-08T20:51:18.194692Z	info	ControlZ available at 127.0.0.1:9876
2022-01-08T20:51:18.194761Z	info	leader election cm: istio-operator-lock
2022-01-08T20:51:18.499019Z	info	Creating operator metrics exporter
2022-01-08T20:51:18.499162Z	info	Registering Components.
2022-01-08T20:51:18.499226Z	info	installer	Adding controller for IstioOperator.
2022-01-08T20:51:18.499279Z	info	installer	Controller added
2022-01-08T20:51:18.499302Z	info	Starting the Cmd.
2022-01-08T20:51:18.499547Z	info	klog	attempting to acquire leader lease istio-operator/istio-operator-lock...
2022-01-08T20:51:35.278326Z	info	klog	successfully acquired lease istio-operator/istio-operator-lock
2022-01-08T20:51:35.382141Z	info	klog	autoscaling/v2beta1 HorizontalPodAutoscaler is deprecated in v1.22+, unavailable in v1.25+; use autoscaling/v2beta2 HorizontalPodAutoscaler
2022-01-08T20:51:35.383174Z	info	klog	autoscaling/v2beta1 HorizontalPodAutoscaler is deprecated in v1.22+, unavailable in v1.25+; use autoscaling/v2beta2 HorizontalPodAutoscaler
2022-01-08T20:51:35.482841Z	info	klog	policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+; use policy/v1 PodDisruptionBudget
2022-01-08T20:51:35.484141Z	info	klog	policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+; use policy/v1 PodDisruptionBudget
2022-01-08T20:51:36.690266Z	fatal	Manager exited non-zero: no matches for kind "RoleBinding" in version "rbac.authorization.k8s.io/v1beta1"

I'm using Kubernetes v1.22 and rbac.authorization.k8s.io/v1beta1 is not present in this version of k8s. Source - https://kubernetes.io/docs/reference/using-api/deprecation-guide/#rbac-resources-v122

compile arm64 envoy error , error is com_googlesource_chromium_v8/BUILD.bazel:31:8

ERROR: /root/.cache/bazel/_bazel_root/596b0cd1ad0211ef049437fdd23e86ea/external/com_googlesource_chromium_v8/BUILD.bazel:31:8: Executing genrule @com_googlesource_chromium_v8//:build failed (Exit 1): bash failed: error executing command /bin/bash -c ... (remaining 1 argument(s) skipped)

Use --sandbox_debug to see verbose messages from the sandbox bash failed: error executing command /bin/bash -c ... (remaining 1 argument(s) skipped)

Use --sandbox_debug to see verbose messages from the sandbox
/root/.cache/bazel/_bazel_root/596b0cd1ad0211ef049437fdd23e86ea/sandbox/processwrapper-sandbox/1/execroot/io_istio_proxy/external/com_googlesource_chromium_v8/wee8 /root/.cache/bazel/_bazel_root/596b0cd1ad0211ef049437fdd23e86ea/sandbox/processwrapper-sandbox/1/execroot/io_istio_proxy
Done. Made 159 targets from 86 files in 92ms
ninja: Entering directory `out/wee8'
[1/1236] STAMP obj/v8_tracing.stamp
[2/1236] STAMP obj/v8_config_headers.stamp
[3/1236] CXX obj/v8_cppgc_shared/push_registers_asm.o
[4/1236] ACTION //:v8_dump_build_config(//build/toolchain/linux/unbundle:default)
[5/1236] STAMP obj/v8_version.stamp
[6/1236] STAMP obj/build/config/common_deps.stamp
[7/1236] STAMP obj/v8_maybe_icu.stamp
[8/1236] STAMP obj/v8_dump_build_config.stamp
[9/1236] STAMP obj/v8_headers.stamp
[10/1236] STAMP obj/build/config/executable_deps.stamp
[11/1236] CXX obj/v8_libbase/once.o
[12/1236] CXX obj/cppgc_base/source-location.o
[13/1236] CXX obj/cppgc_base/logging.o
[14/1236] CXX obj/cppgc_base/process-heap.o
[15/1236] CXX obj/cppgc_base/caged-heap-local-data.o
[16/1236] CXX obj/cppgc_base/name-trait.o
[17/1236] CXX obj/cppgc_base/virtual-memory.o
[18/1236] CXX obj/v8_libbase/bits.o
[19/1236] CXX obj/v8_libbase/sys-info.o
[20/1236] CXX obj/v8_libbase/vlq-base64.o
[21/1236] CXX obj/v8_libbase/cpu.o
[22/1236] CXX obj/v8_libbase/division-by-constant.o
[23/1236] CXX obj/v8_libbase/mutex.o
[24/1236] CXX obj/v8_cppgc_shared/worklist.o
[25/1236] CXX obj/cppgc_base/gc-info.o
[26/1236] CXX obj/cppgc_base/heap-object-header.o
[27/1236] CXX obj/cppgc_base/incremental-marking-schedule.o
[28/1236] CXX obj/cppgc_base/platform.o
[29/1236] CXX obj/v8_libbase/file-utils.o
[30/1236] CXX obj/cppgc_base/liveness-broker.o
[31/1236] CXX obj/v8_cppgc_shared/stack.o
[32/1236] STAMP obj/src/inspector/inspector_test_headers.stamp
[33/1236] STAMP obj/build/win/default_exe_manifest.stamp
[34/1236] STAMP obj/v8_wrappers.stamp
[35/1236] CXX obj/cppgc_base/compaction-worklists.o
[36/1236] CXX obj/cppgc_base/gc-info-table.o
[37/1236] CXX obj/cppgc_base/object-size-trait.o
[38/1236] CXX obj/cppgc_base/trace-trait.o
[39/1236] CXX obj/v8_libbase/condition-variable.o
[40/1236] CXX obj/v8_libbase/semaphore.o
[41/1236] CXX obj/v8_libbase/stack_trace.o
[42/1236] CXX obj/v8_libbase/functional.o
[43/1236] CXX obj/v8_libbase/page-allocator.o
[44/1236] CXX obj/v8_libbase/platform-posix-time.o
[45/1236] CXX obj/cppgc_base/allocation.o
[46/1236] CXX obj/cppgc_base/heap-space.o
[47/1236] CXX obj/v8_libbase/time.o
[48/1236] ACTION //src/inspector:protocol_compatibility(//build/toolchain/linux/unbundle:default)
[49/1236] CC obj/third_party/zlib/zlib/compress.o
[50/1236] CC obj/third_party/zlib/zlib/cpu_features.o
[51/1236] CXX obj/cppgc_base/raw-heap.o
[52/1236] CXX obj/cppgc_base/caged-heap.o
[53/1236] CXX obj/v8_libbase/bounded-page-allocator.o
[54/1236] CXX obj/v8_libbase/platform-linux.o
[55/1236] CC obj/third_party/zlib/zlib/adler32.o
[56/1236] CC obj/third_party/zlib/zlib_arm_crc32/crc32_simd.o
[57/1236] STAMP obj/src/inspector/protocol_compatibility.stamp
[58/1236] CXX obj/cppgc_base/free-list.o
[59/1236] CXX obj/cppgc_base/marking-worklists.o
[60/1236] CXX obj/cppgc_base/visitor.o
[61/1236] CXX obj/v8_libbase/stack_trace_posix.o
[62/1236] CC obj/third_party/zlib/zlib/crc32.o
[63/1236] CC obj/third_party/zlib/zlib/gzclose.o
[64/1236] CC obj/third_party/zlib/zlib/gzlib.o
[65/1236] CXX obj/cppgc_base/default-platform.o
[66/1236] STAMP obj/third_party/zlib/zlib_common_headers.stamp
[67/1236] CXX obj/v8_libbase/logging.o
[68/1236] CC obj/third_party/zlib/zlib/gzread.o
[69/1236] CC obj/third_party/zlib/zlib/gzwrite.o
[70/1236] CC obj/third_party/zlib/zlib/inffast.o
[71/1236] CC obj/third_party/zlib/zlib/uncompr.o
[72/1236] CC obj/third_party/zlib/zlib/zutil.o
[73/1236] STAMP obj/third_party/zlib/zlib_arm_crc32.stamp
[74/1236] STAMP obj/third_party/zlib/zlib_x86_simd.stamp
[75/1236] CC obj/third_party/zlib/zlib/inftrees.o
[76/1236] CXX obj/cppgc_base/process-heap-statistics.o
[77/1236] CXX obj/cppgc_base/persistent-node.o
[78/1236] CXX obj/third_party/zlib/google/compression_utils_portable/compression_utils_portable.o
[79/1236] CXX obj/v8_libbase/ieee754.o
[80/1236] CXX obj/v8_libbase/platform-posix.o
[81/1236] CXX obj/bytecode_builtins_list_generator/bytecode-operands.o
[82/1236] CC obj/third_party/zlib/zlib/infback.o
[83/1236] CXX obj/v8_libplatform/default-job.o
[84/1236] CC obj/third_party/zlib/zlib_adler32_simd/adler32_simd.o
[85/1236] STAMP obj/third_party/zlib/zlib_adler32_simd.stamp
[86/1236] CXX obj/cppgc_base/stats-collector.o
[87/1236] CXX obj/cppgc_base/heap-state.o
[88/1236] CXX obj/cppgc_base/heap-consistency.o
[89/1236] CXX obj/v8_libbase/random-number-generator.o
[90/1236] CXX obj/cppgc_base/pointer-policies.o
[91/1236] CXX obj/v8_libbase/region-allocator.o
[92/1236] CC obj/third_party/zlib/zlib/trees.o
[93/1236] AR obj/libv8_libbase.a
[94/1236] STAMP obj/v8_shared_internal_headers.stamp
[95/1236] STAMP obj/v8_cppgc_shared.stamp
[96/1236] CC obj/third_party/zlib/zlib_inflate_chunk_simd/inffast_chunk.o
[97/1236] CXX obj/third_party/inspector_protocol/crdtp/span.o
[98/1236] CXX obj/third_party/inspector_protocol/crdtp/serializable.o
[99/1236] CXX obj/cppgc_base/heap-growing.o
[100/1236] CXX obj/cppgc_base/prefinalizer-handler.o
[101/1236] CXX obj/third_party/inspector_protocol/crdtp/error_support.o
[102/1236] CXX obj/cppgc_base/gc-invoker.o
[103/1236] CXX obj/cppgc_base/marking-state.o
[104/1236] CXX obj/cppgc_base/object-allocator.o
[105/1236] CXX obj/bytecode_builtins_list_generator/generate-bytecodes-builtins-list.o
[106/1236] CXX obj/cppgc_base/write-barrier.o
[107/1236] CXX obj/third_party/inspector_protocol/crdtp/status.o
[108/1236] CXX obj/cppgc_base/heap-page.o
[109/1236] CXX obj/bytecode_builtins_list_generator/bytecodes.o
[110/1236] CXX obj/cppgc_base/heap.o
[111/1236] ACTION //src/inspector:protocol_generated_sources(//build/toolchain/linux/unbundle:default)
[112/1236] STAMP obj/src/inspector/protocol_generated_sources.stamp
[113/1236] CC obj/third_party/zlib/zlib/deflate.o
[114/1236] CXX obj/cppgc_base/heap-statistics-collector.o
[115/1236] CXX obj/cppgc_base/marking-verifier.o
[116/1236] CXX obj/cppgc_base/marking-visitor.o
[117/1236] LINK ./bytecode_builtins_list_generator
[118/1236] CXX obj/v8_libplatform/worker-thread.o
[119/1236] ACTION //:generate_bytecode_builtins_list(//build/toolchain/linux/unbundle:default)
FAILED: gen/builtins-generated/bytecodes-builtins-list.h
python ../../tools/run.py ./bytecode_builtins_list_generator gen/builtins-generated/bytecodes-builtins-list.h
Return code is -11
[120/1236] CXX obj/cppgc_base/heap-base.o
[121/1236] CXX obj/cppgc_base/page-memory.o
[122/1236] CXX obj/torque_base/source-positions.o
[123/1236] CXX obj/v8_libplatform/default-worker-threads-task-runner.o
[124/1236] CXX obj/src/inspector/inspector_string_conversions/v8-string-conversions.o
[125/1236] CXX obj/third_party/inspector_protocol/crdtp_platform/json_platform_v8.o
[126/1236] CXX obj/v8_libplatform/recorder-default.o
[127/1236] CC obj/third_party/zlib/zlib_inflate_chunk_simd/inflate.o
[128/1236] CXX obj/third_party/inspector_protocol/crdtp/protocol_core.o
[129/1236] CXX obj/v8_libplatform/task-queue.o
[130/1236] CXX obj/cppgc_base/concurrent-marker.o
[131/1236] CXX obj/v8_libplatform/trace-object.o
[132/1236] CXX obj/v8_libplatform/delayed-task-queue.o
[133/1236] CXX obj/v8_libplatform/trace-config.o
[134/1236] CXX obj/v8_libplatform/trace-buffer.o
[135/1236] CXX obj/v8_libplatform/trace-writer.o
[136/1236] CXX obj/v8_libplatform/default-foreground-task-runner.o
[137/1236] CXX obj/cppgc_base/compactor.o
[138/1236] CXX obj/third_party/inspector_protocol/crdtp/cbor.o
[139/1236] CXX obj/v8_libplatform/tracing-controller.o
[140/1236] CXX obj/cppgc_base/sweeper.o
[141/1236] CXX obj/cppgc_base/marker.o
[142/1236] CXX obj/v8_libsampler/sampler.o
[143/1236] CXX obj/torque_base/torque-code-generator.o
[144/1236] CXX obj/torque_base/global-context.o
[145/1236] CXX obj/torque_base/type-inference.o
[146/1236] CXX obj/v8_libplatform/default-platform.o
[147/1236] CXX obj/third_party/inspector_protocol/crdtp/json.o
[148/1236] CXX obj/src/inspector/inspector/v8-value-utils.o
[149/1236] CXX obj/src/inspector/inspector/string-16.o
[150/1236] CXX obj/torque_base/type-oracle.o
[151/1236] CXX obj/third_party/inspector_protocol/crdtp/dispatch.o
[152/1236] CXX obj/src/inspector/inspector/remote-object-id.o
[153/1236] CXX obj/torque_base/earley-parser.o
[154/1236] CXX obj/src/inspector/inspector/v8-schema-agent-impl.o
[155/1236] CXX obj/torque_base/utils.o
[156/1236] CXX obj/torque_base/server-data.o
[157/1236] CXX obj/src/inspector/inspector/Schema.o
[158/1236] CXX obj/torque_base/declarable.o
[159/1236] CXX obj/src/inspector/inspector/string-util.o
[160/1236] CXX obj/src/inspector/inspector/Console.o
[161/1236] CXX obj/src/inspector/inspector/test-interface.o
[162/1236] CXX obj/src/inspector/inspector/v8-regex.o
[163/1236] CXX obj/torque/torque.o
[164/1236] CXX obj/src/inspector/inspector/v8-debugger-id.o
[165/1236] CXX obj/src/inspector/inspector/v8-console-agent-impl.o
[166/1236] CXX obj/src/inspector/inspector/Protocol.o
[167/1236] CXX obj/torque_base/cfg.o
[168/1236] CXX obj/src/inspector/inspector/inspected-context.o
[169/1236] CXX obj/torque_base/cc-generator.o
[170/1236] CXX obj/torque_base/class-debug-reader-generator.o
[171/1236] CXX obj/src/inspector/inspector/custom-preview.o
[172/1236] CXX obj/src/inspector/inspector/HeapProfiler.o
[173/1236] CXX obj/src/inspector/inspector/v8-debugger-script.o
[174/1236] CXX obj/torque_base/instance-type-generator.o
[175/1236] CXX obj/src/inspector/inspector/search-util.o
[176/1236] CXX obj/torque_base/declaration-visitor.o
[177/1236] CXX obj/torque_base/torque-compiler.o
[178/1236] CXX obj/src/inspector/inspector/v8-stack-trace-impl.o
[179/1236] CXX obj/src/inspector/inspector/v8-heap-profiler-agent-impl.o
[180/1236] CXX obj/torque_base/instructions.o
[181/1236] CXX obj/src/inspector/inspector/v8-console.o
[182/1236] CXX obj/torque_base/csa-generator.o
[183/1236] CXX obj/torque_base/declarations.o
[184/1236] CXX obj/src/inspector/inspector/Profiler.o
[185/1236] CXX obj/src/inspector/inspector/Debugger.o
[186/1236] CXX obj/src/inspector/inspector/v8-inspector-session-impl.o
[187/1236] CXX obj/torque_base/type-visitor.o
[188/1236] CXX obj/src/inspector/inspector/Runtime.o
[189/1236] CXX obj/src/inspector/inspector/v8-console-message.o
[190/1236] CXX obj/src/inspector/inspector/v8-profiler-agent-impl.o
[191/1236] CXX obj/src/inspector/inspector/v8-runtime-agent-impl.o
[192/1236] CXX obj/src/inspector/inspector/v8-inspector-impl.o
[193/1236] CXX obj/src/inspector/inspector/value-mirror.o
[194/1236] CXX obj/src/inspector/inspector/injected-script.o
[195/1236] CXX obj/src/inspector/inspector/v8-debugger.o
[196/1236] CXX obj/torque_base/types.o
[197/1236] CXX obj/src/inspector/inspector/v8-debugger-agent-impl.o
[198/1236] CXX obj/torque_base/implementation-visitor.o
[199/1236] CXX obj/torque_base/torque-parser.o
ninja: build stopped: subcommand failed.
Target @com_googlesource_chromium_v8//:build failed to build
Use --verbose_failures to see the command lines of failed build steps.
INFO: Elapsed time: 56.122s, Critical Path: 22.73s
INFO: 2 processes: 2 internal.
FAILED: Build did NOT complete successfully

istio operator init verify crd creation failed

when i install occurs errors, details as follow

$ istioctl operator init --hub=docker.io/querycapistio --tag=1.12.2
Using operator Deployment image: docker.io/querycapistio/operator:1.12.2

Processing resources for Istio operator. 2022-01-23T16:22:07.488286Z error installer failed to verify CRD creation; the server could not find the requested resource
Istio operator encountered an error: failed to wait for resource: failed to verify CRD creation: the server could not find the requested resource
failed to wait for resource: failed to verify CRD creation: the server could not find the requested resource

Fix Readme

$ istioctl operator init --hub=docker.io/querycapistio --tag=1.30.0
should be
$ istioctl operator init --hub=docker.io/querycapistio --tag=1.13.0

你好，请问有没有编译教程，或者能不能加入1.8.4版本

由于需要使用1.8.4版本，而querycap的docker库里没有此版本，想尝试自己编译，但是在编译proxy期间报错，求帮助

Issue with microk8s aarch64

Hi,

I'm trying to installing on k8s multi-cluster ubuntu raspberry pi 4 but it seems is not able to download the files, could you please help me with that?

Following logs

ubuntu@ubuntu:~$ microk8s helm repo list                                     NAME            URL
stable          https://kubernetes-charts.storage.googleapis.com
local           http://127.0.0.1:8879/charts
querycaspistio  https://querycap.github.io/istio
ubuntu@ubuntu:~$ microk8s helm install -n istio-operator querycapistio/istio-operator
Error: failed to download "querycapistio/istio-operator" (hint: running `helm repo update` may help)
ubuntu@ubuntu:~$

uname -a

Linux ubuntu 5.4.0-1023-raspi #26-Ubuntu SMP PREEMPT Thu Nov 12 14:58:33 UTC 2020 aarch64 aarch64 aarch64 GNU/Linux

microk8s v1.18.12
Helm jessestuart/tiller:v2.16.12

你好，我想问一下在x86下编译arm的可行性

官方现在对arm架构的支持是什么情况，搜了一会代码发现有几行注释

# * docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
# * docker buildx create --name multi-arch --platform linux/amd64,linux/arm64 --use
# * export DOCKER_ARCHITECTURES="linux/amd64,linux/arm64"

似乎是用qemu模拟arm架构，不过看了一眼文件名似乎是base镜像。
我主要想问两个问题：

官方的编译脚本是否支持在x86环境下编译管理面和数据面的镜像？
能否提供一下ARM环境下编译的步骤，需要设置哪些环境变量？

（抱歉，我英文比较差，看到作者地区写的China，不得已使用中文提问
（注：我目标版本是1.11.3

proxyv2 cannot collector istio_* metrics

the proxyv2 image cannot collect the istio_* metrics
such as
istio_requests_total

is there any bugs through the envoy build?

example your images

Hi, sorry for asking, but where do I get an example of istio installation setup with your images for me test?
I tried following the istio site but their explanation is a bit confusing and I can't run some things because of failed for volume "istiod-ca-cert" etc.

some people can run but do not share how they set up or put the .yaml with examples, maybe it is simple for some but for me I am confused.
Maybe if I edit all the yaml files, but there are so many that I don't know which one has an image to edit the docker hub.

kubernetes is supposed to be something simple with helm but installing istio on arm64 is kind of complicated without a doc explaining haha lol

Do we have a docker image versiond 1.9.6 and architecture is arm64

The ingress and egress gateways stuck on pending

Hi @morlay:

First of all, thanks for sharing the ARM Istio Images.

I met a problem after followed the installation guide in README. I'm not sure if my operation is wrong.

Description

I am using an istioctl with version 1.10.2. I initialized the operator by executing the command below:

istioctl operator init --hub=docker.io/querycapistio --tag=1.9.2

The operator is running as expected:

❯ k -n istio-operator get pod                                
NAME                              READY   STATUS    RESTARTS   AGE
istio-operator-59588b8ff6-95s8m   1/1     Running   0          9m40s

I found the namespace istio-system is created after initialization and I installed istio:

kubectl apply -f - <<EOF
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: example-istiocontrolplane
spec:
  hub: docker.io/querycapistio
  profile: demo
EOF

The operator realized the installation request, and the two pods istio-ingressgateway and istio-ingressgateway were created. However, they were stuck at pending because affinity did not match. I found there is no value arm64 added in spec.affinity.

Other information:

system: macOS
arch: arm64
cluster is built by minikube

Another try

I also tried to set spec.components.*.k8s.affinity and create a new manifest below:

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: example-istiocontrolplane
spec:
  hub: docker.io/querycapistio
  profile: demo
  components:
    pilot:
      k8s: # each components have to set this
        affinity: &affinity
          nodeAffinity:
            requiredDuringSchedulingIgnoredDuringExecution:
              nodeSelectorTerms:
                - matchExpressions:
                    - key: kubernetes.io/arch
                      operator: In
                      values:
                        - arm64
                        - amd64
    egressGateways:
      - k8s:
          affinity: *affinity
    ingressGateways:
      - k8s:
          affinity: *affinity

After applied that, the operator logged an error:

2021-09-17T02:59:08.754190Z	info	installer	Reconciling IstioOperator
2021-09-17T02:59:08.755945Z	info	installer	Updating IstioOperator
2021-09-17T02:59:08.756054Z	info	installer	Loading values from compiled in VFS at path profiles/demo.yaml
2021-09-17T02:59:08.756076Z	info	installer	Loading values from compiled in VFS at path profiles/default.yaml
2021-09-17T02:59:08.879809Z	error	installer	failed to merge base profile with user IstioOperator CR example-istiocontrolplane, json merge error (map: map[k8s:map[affinity:map[nodeAffinity:map[requiredDuringSchedulingIgnoredDuringExecution:map[nodeSelectorTerms:[map[matchExpressions:[map[key:kubernetes.io/arch operator:In values:[arm64 amd64]]]]]]]]]] does not contain declared merge key: name) for base object: 
{"apiVersion":"install.istio.io/v1alpha1","kind":"IstioOperator","metadata":{"namespace":"istio-system"},"spec":{"components":{"base":{"enabled":true},"cni":{"enabled":false},"egressGateways":[{"enabled":true,"k8s":{"resources":{"requests":{"cpu":"10m","memory":"40Mi"}}},"name":"istio-egressgateway"}],"ingressGateways":[{"enabled":true,"k8s":{"resources":{"requests":{"cpu":"10m","memory":"40Mi"}},"service":{"ports":[{"name":"status-port","port":15021,"targetPort":15021},{"name":"http2","port":80,"targetPort":8080},{"name":"https","port":443,"targetPort":8443},{"name":"tcp","port":31400,"targetPort":31400},{"name":"tls","port":15443,"targetPort":15443}]}},"name":"istio-ingressgateway"}],"istiodRemote":{"enabled":false},"pilot":{"enabled":true,"k8s":{"env":[{"name":"PILOT_TRACE_SAMPLING","value":"100"}],"resources":{"requests":{"cpu":"10m","memory":"100Mi"}}}}},"hub":"docker.io/istio","meshConfig":{"accessLogFile":"/dev/stdout","defaultConfig":{"proxyMetadata":{}},"enablePrometheusMerge":true},"tag":"1.9.2","values":{"base":{"enableCRDTemplates":false,"validationURL":""},"gateways":{"istio-egressgateway":{"autoscaleEnabled":false,"env":{},"name":"istio-egressgateway","secretVolumes":[{"mountPath":"/etc/istio/egressgateway-certs","name":"egressgateway-certs","secretName":"istio-egressgateway-certs"},{"mountPath":"/etc/istio/egressgateway-ca-certs","name":"egressgateway-ca-certs","secretName":"istio-egressgateway-ca-certs"}],"type":"ClusterIP","zvpn":{}},"istio-ingressgateway":{"autoscaleEnabled":false,"env":{},"name":"istio-ingressgateway","secretVolumes":[{"mountPath":"/etc/istio/ingressgateway-certs","name":"ingressgateway-certs","secretName":"istio-ingressgateway-certs"},{"mountPath":"/etc/istio/ingressgateway-ca-certs","name":"ingressgateway-ca-certs","secretName":"istio-ingressgateway-ca-certs"}],"type":"LoadBalancer","zvpn":{}}},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"configValidation":true,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"imagePullPolicy":"","imagePullSecrets":[],"istioNamespace":"istio-system","istiod":{"enableAnalysis":false},"jwtPolicy":"third-party-jwt","logAsJson":false,"logging":{"level":"default:info"},"meshNetworks":{},"mountMtlsCerts":false,"multiCluster":{"clusterName":"","enabled":false},"network":"","omitSidecarInjectorConfigMap":false,"oneNamespace":false,"operatorManageWebhooks":false,"pilotCertProvider":"istiod","priorityClassName":"","proxy":{"autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"misc:error","enableCoreDump":false,"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","logLevel":"warning","privileged":false,"readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"10m","memory":"40Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2","resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"sds":{"token":{"aud":"istio-ca"}},"sts":{"servicePort":0},"tracer":{"datadog":{},"lightstep":{},"stackdriver":{},"zipkin":{}},"useMCP":false},"istiodRemote":{"injectionURL":""},"pilot":{"autoscaleEnabled":false,"autoscaleMax":5,"autoscaleMin":1,"configMap":true,"cpu":{"targetAverageUtilization":80},"deploymentLabels":null,"enableProtocolSniffingForInbound":true,"enableProtocolSniffingForOutbound":true,"env":{},"image":"pilot","keepaliveMaxServerConnectionAge":"30m","nodeSelector":{},"replicaCount":1,"traceSampling":1},"telemetry":{"enabled":true,"v2":{"enabled":true,"metadataExchange":{"wasmEnabled":false},"prometheus":{"enabled":true,"wasmEnabled":false},"stackdriver":{"configOverride":{},"enabled":false,"logging":false,"monitoring":false,"topology":false}}}}}}
 override object: 
{"apiVersion":"install.istio.io/v1alpha1","kind":"IstioOperator","metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"install.istio.io/v1alpha1\",\"kind\":\"IstioOperator\",\"metadata\":{\"annotations\":{},\"name\":\"example-istiocontrolplane\",\"namespace\":\"istio-system\"},\"spec\":{\"components\":{\"egressGateways\":[{\"k8s\":{\"affinity\":{\"nodeAffinity\":{\"requiredDuringSchedulingIgnoredDuringExecution\":{\"nodeSelectorTerms\":[{\"matchExpressions\":[{\"key\":\"kubernetes.io/arch\",\"operator\":\"In\",\"values\":[\"arm64\",\"amd64\"]}]}]}}}}}],\"ingressGateways\":[{\"k8s\":{\"affinity\":{\"nodeAffinity\":{\"requiredDuringSchedulingIgnoredDuringExecution\":{\"nodeSelectorTerms\":[{\"matchExpressions\":[{\"key\":\"kubernetes.io/arch\",\"operator\":\"In\",\"values\":[\"arm64\",\"amd64\"]}]}]}}}}}],\"pilot\":{\"k8s\":{\"affinity\":{\"nodeAffinity\":{\"requiredDuringSchedulingIgnoredDuringExecution\":{\"nodeSelectorTerms\":[{\"matchExpressions\":[{\"key\":\"kubernetes.io/arch\",\"operator\":\"In\",\"values\":[\"arm64\",\"amd64\"]}]}]}}}}}},\"hub\":\"docker.io/querycapistio\",\"profile\":\"demo\"}}\n"},"creationTimestamp":"2021-09-17T02:58:47Z","finalizers":["istio-finalizer.install.istio.io"],"generation":"1","managedFields":[{"apiVersion":"install.istio.io/v1alpha1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:kubectl.kubernetes.io/last-applied-configuration":{}}},"f:spec":{".":{},"f:components":{".":{},"f:egressGateways":{},"f:ingressGateways":{},"f:pilot":{".":{},"f:k8s":{".":{},"f:affinity":{".":{},"f:nodeAffinity":{".":{},"f:requiredDuringSchedulingIgnoredDuringExecution":{".":{},"f:nodeSelectorTerms":{}}}}}}},"f:hub":{},"f:profile":{}}},"manager":"kubectl-client-side-apply","operation":"Update","time":"2021-09-17T02:58:47Z"},{"apiVersion":"install.istio.io/v1alpha1","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:finalizers":{".":{},"v:\"istio-finalizer.install.istio.io\"":{}}}},"manager":"operator","operation":"Update","time":"2021-09-17T02:58:47Z"}],"name":"example-istiocontrolplane","namespace":"istio-system","resourceVersion":"572","uid":"46203465-810c-46fe-bcc8-81cdcb6e6dda"},"spec":{"components":{"egressGateways":[{"k8s":{"affinity":{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/arch","operator":"In","values":["arm64","amd64"]}]}]}}}}}],"ingressGateways":[{"k8s":{"affinity":{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/arch","operator":"In","values":["arm64","amd64"]}]}]}}}}}],"pilot":{"k8s":{"affinity":{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/arch","operator":"In","values":["arm64","amd64"]}]}]}}}}}},"hub":"docker.io/querycapistio","profile":"demo"}}	moreInfo=The values in the selected spec.profile could not be merged with the user IstioOperator resource. impact=The operator controller cannot create and act upon the user defined IstioOperator resource. The Istio control plane will not be installed or updated. action=Check that the IstioOperator resource has the correct syntax. If you are sure your configuration is correct, see https://istio.io/latest/about/bugs for possible solutions. likelyCause=The likely cause is an incorrect or badly formatted configuration.Another possible cause could be an issue with the Istio code.