v0.8.3
Data plane operator
The data plane operator, in charge of deploying the ingress gateways in Kubernetes, moves
from control plane namespace (istio-system
by default) to its own namespace. As a result,
you should not upgrade the existing data plane operator deployment but deploy a new one instead.
Operator Configuration Values
The data plane operator installation needs some parameters described in the tetrate/install/tsboperator/config-values
file.
This file lists a series of environment variables used by the operator deploy scripts and you can choose to set them in the file so you can source it every time you need to run the scripts or set them as environment variables in your shell to be picked up by the scripts.
The following documentation assumes that you edit the config-values
file to suit your needs and that you
have already sourced it in your current shell.
source tetrate/install/tsboperator/config-values
Deploy the new Data Plane Operator
The data plane operator will watch for TSB data plane configuration resources. Once deployed, you then configure
gateways (Ingress
, Egress
or Tier1
) as described by such resources. To deploy the TSB data plane operator use
the provided script.
./tetrate/install/tsboperator/deploy-dataplane-operator.sh
note
No data plane configurations need to be deployed at this point. Instead, you will create and deploy them as required when you need to deploy ingress gateways.
Upgrade gateways
The new data plane operator uses a new API for describing the ingress gateways.
You will need to replace the existing dataplaneconfigs.install.tetrate.io
custom resources by the equivalent ones with the new APIs. The
new data plane operator in turn will take care of performing the necessary changes to upgrade the ingress gateways.
Once you have applied a new gateway CR for replacing an existing gateway, delete the correspondent DataPlaneConfig
.
Cleanup old data plane operator
Once all gateways have been created using the new API, you can cleanup the old operator deployment in the control plane namespace.
kubectl -n ${CONTROL_NAMESPACE} delete clusterrolebinding/tsb-operator-data-plane svc/tsb-operator-metrics-data-plane deployment/tsb-operator-data-plane
New gateways deletion
Due to an issue present in upstream Istio operator, the data plane operator in TSB version 0.8.3 is unable to delete the associated Kubernetes
resources deployed for a given gateway when such gateway is deleted. The result of this is that even if you delete the IngressGateway
, EgressGateway
or
Tier1Gateway
resources, the Kubernetes resources backing such gateway will not be deleted.
In order to clean up such resources, you will need to manually use kubectl
to delete the following resources in the namespace where the gateway object
was deployed to.
DATA_NAMESPACE=<NS-for-gw>
GATEWAY_NAME=<name-of-gw>
kubectl delete -n ${DATA_NAMESPACE} HorizontalPodAutoscaler ${GATEWAY_NAME}
kubectl delete -n ${DATA_NAMESPACE} Deployment ${GATEWAY_NAME}
kubectl delete -n ${DATA_NAMESPACE} PodDisruptionBudget ${GATEWAY_NAME}
kubectl delete -n ${DATA_NAMESPACE} Role ${GATEWAY_NAME}-sds
kubectl delete -n ${DATA_NAMESPACE} RoleBinding ${GATEWAY_NAME}-sds
kubectl delete -n ${DATA_NAMESPACE} Service ${GATEWAY_NAME}
kubectl delete -n ${DATA_NAMESPACE} ServiceAccount ${GATEWAY_NAME}-service-account
For instance, given the following IngressGateway
:
apiVersion: install.tetrate.io/v1alpha1
kind: IngressGateway
metadata:
name: middle
namespace: ingress
spec:
kubeSpec:
service:
type: LoadBalancer
The value for DATA_NAMESPACE
variable above would be ingress
and GATEWAY_NAME
would be middle
.