![install controlplane install controlplane](https://i.pinimg.com/originals/a4/ba/3f/a4ba3fd9f3e636717e1261b0abc214b9.jpg)
My source of truth is the Deployment definition and I have taken a deeper look into the PDB. Depends on which definition is your source of truth. The reason for that is a wrong label selector in the PDB or a wrong label in the Deployment definition for the Sidecar Injector. If you took a deeper look at the screenshot of the PDBs output, you recognized already that the allowed disruptions column for the Sidecar Injector states 0 instead of 1. Thus, cluster upgrade, cluster autoscaler scale-in and automatic node reboot operations via kured are possible again. set .enabled=trueĪfterwards the PDBs output looks different and presents us with the information that a disruption is now allowed. The following command installs an HA Istio control plane into an Azure Kubernetes Service cluster. The minimal required setup for an HA Istio control plane consists of two pods for each Istio component except 3 rd party services. The best solution to solve the blocking operations issue is a high available Istio control plane.īeside solving the issue, we add more robustness to the Istio Service Mesh itself.
![install controlplane install controlplane](https://www.modelairplanenews.com/wp-content/uploads/2015/01/32.jpg)
set =falseīut that weakens a non-high available control plane even more. The solution can be an easy one deploying Istio without the default PDBs. So, pretty much every useful operation in AKS regarding the underlying nodes is blocked. Which operations are blocked by the PDBs?Ĭluster upgrade, cluster autoscaler scale-in and automatic node reboot operations, when using kured in the AKS cluster. Even the HPA covered components can be blocking, when only one pod is running. That leaves the Istio components Citadel, Galley and the Sidecar Injector with their PDBs as a blocking component for specific operations in the AKS cluster. Beside that the Istio Ingress Gateway, Pilot, Policy (Mixer) and Telemetry (Mixer) have an HPA assigned for autoscaling. Per default Istio gets installed with a PodDisruptionBudget for every control plane component except for 3 rd party services like Prometheus or Grafana.Īll PDBs specifying a minimum availability of one pod for the control plane components.
#Install controlplane install#
When you install Istio with the default profile, as mentioned in the Istio documentation, you get a non-high available control plane. Lately I worked intensively with Istio and focused especially on the topic high availability of the Istio control plane.