-
How I Upgraded Sail Operator And How I Would Do It Next Time
It’s been a while since I installed Istio with Sail Operator in my home lab Kubernetes cluster. The version of Sail Operator was 0.2 and now 1.26 is available. There are so many releases between 0.2 and 1.26! Can I upgrade directly to the latest and skip all the middle ones? It’s my home lab…
-
How to Migrate from Istio Ingress Gateway to Kubernetes Gateway API
Why? Before the last Istio upgrade I did with Sail Operator, there was Istio 1.19 running in my Kubernetes lab. And the Istio Ingress Gateway has worked very well for years, after I migrated from Kubernetes Ingress Controller. Now with Istio 1.23, Kubernetes Gateway API became an option along side with Istio Ingress Gateway. What…
-
How to Install the Sail Operator for Kubernetes
I was a late adopter of the Istio Operator but didn’t expect that it will be gone so soon. I didn’t want to go back to manage Istio using istioctl or Helm templates so I was in a rush to pick a successor for Istio Operator. After reading a few articles, looks like I’m gonna…
-
How to Allow and Respect Differences in ArgoCD
I’ve been using ArgoCD as my GitOps toolkit for my Kubernetes home lab for many years, nothing major to complain. I wanted to test canary deployment with Argo Rollouts with which Istio is supported. However Argo Rollouts is not really GitOps friendly – it modifies weight of routes without commit to git repository, to gradually…
-
How to Upgrade Istio the Git-Ops Way
Istio 1.17 has been running really well in my Garage Kubernetes lab, but I thought it’s time to give it an upgrade. It was installed and configured using istioctl utility last time when I bootstrapped the cluster. Since I’ve automated a lot of Kubernetes resources using ArgoCD I would like to upgrade Istio the git-ops…
-
How to Enable Compression in Istio Ingress Gateway
TL; DR: here’s a code snippet to turn on gzip compression for Istio’s ingress gateway, using Envoy filter. Tested with Istio 1.16 and Kubernetes 1.26. To test it with curl: 🙂
-
How to Use the Sidecar Resource to Optimise Memory Footprint of Istio Sidecar
In a populous GKE cluster, I saw the memory utilisation getting very high. After some investigation, to my surprise, a great deal of memory was consumed by tiny Istio sidecars. And they are getting bloated round the clock. The Istio sidecar essentially is an envoy proxy configured by Istio controller – istiod. It’s usually light-weight,…
-
How to Regulate Egress Access in Kubernetes with Istio
Usually I don’t mind to give pods unlimited egress access, ie. the pods I deployed can access the whole internet if it needs to. However when the pods take input from users it’s a whole different story. For example, running some sandbox applications such as an online Python learning environment, the workload can be abused…