This documentation is for the Latest version of Knative serving, which uses fleets and Anthos Service Mesh. Learn more.

The past version (Cloud Run for Anthos) has been archived but the documentation remains available for existing users.

Available versions

Latest
Archive

Migrate the bundled Istio to Cloud Service Mesh

These steps are specific to the bundled version of Istio that is included by default with the Knative serving "GKE add-on".

Since the bundled version of Istio is uninstalled when you performed the process of uninstalling the Knative serving "GKE add-on", the steps on this page install Cloud Service Mesh on your cluster and then configures your ingress gateway.

Before you begin

You must first review and ensure that you meet the requirements for upgrading.
The commands on this page use the environment variables and migration script from the upgrade preparation step.
It is important that you perform each step of this process in the specified order.

Overview

In general, the process for installing Cloud Service Mesh when migrating from the bundled version of Istio, is the same process as performing a clean Cloud Service Mesh installation. In this process Cloud Service Mesh version 1.18 is installed with the In-cluster control plane.

Install Cloud Service Mesh version 1.18

You use the Cloud Service Mesh installation documentation to install Cloud Service Mesh.

Before you begin:

For the migration, the ingress gateway must be installed separately during the subsequent configuration steps. The installation script won't install the ingress gateway by default.
Optional: If you use Cloud Service Mesh certificate authority (Mesh CA), you must also include the --ca mesh_ca flag with the Cloud Service Mesh installation script.

To install Cloud Service Mesh:

Follow the steps in the Cloud Service Mesh documentation: Install Cloud Service Mesh version 1.18

Example

The following is an example of the default command that includes the required flag:

./asmcli install \
  --project_id ${PROJECT_ID} \
  --cluster_name ${CLUSTER_NAME} \
  --cluster_location ${CLUSTER_LOCATION} \
  --ca mesh_ca \
  --output_dir DIR_PATH \
  --enable_all

Configure Cloud Service Mesh ingress

In this section, the migration script is used to create the Cloud Service Mesh ingress gateway within the gke-system namespace.

For the migration, the gke-system namespace is used so that the ingress gateway is placed within the same namespace used by the recently removed "bundled Istio". Therefore, the Cloud Service Mesh ingress pods can seamlessly takeover traffic without any required configuration changes to the ingress service. For example, you do not need to configure a new external IP address.

To create the ingress gateway within the gke-system namespace, run the following command to start the migration script:

./migration-addon.sh --command set-up-asm-ingress

The terminal output during the process looks similar to the following:

Setting up Cloud Service Mesh ingress. Note that the Cloud Service Mesh ingress is not
serving traffic at this step.
namespace/gke-system labeled
deployment.apps/istio-ingressgateway created
horizontalpodautoscaler.autoscaling/istio-ingressgateway created
role.rbac.authorization.k8s.io/istio-ingressgateway-sds created
rolebinding.rbac.authorization.k8s.io/istio-ingressgateway-sds created
Cloud Service Mesh ingress is successfully installed.

Verify that the istio-ingrerssgateway ingress gateway is running in the gke-system namespace by running the following command:
```
kubectl get deployment istio-ingressgateway -n gke-system
```
Note that the number of istio-ingressgateway pods is intentionally 0. After installing the Knative serving fleet component, there is a subsequent step to migrate all traffic to the Cloud Service Mesh ingress.

What's next

Install the fleet component

Rollback

If you need to rollback the changes that you made through the preceding steps, you can use the migration script to:

Delete the Cloud Service Mesh ingress gateway.
Uninstall Cloud Service Mesh.

To rollback the Cloud Service Mesh configuration and installation:

Run the following command to start the rollback.

./migration-addon.sh --command rollback-set-up-asm-ingress

The terminal output during the process looks similar to the following:

Deleting Cloud Service Mesh ingress
deployment.apps "istio-ingressgateway" deleted
horizontalpodautoscaler.autoscaling "istio-ingressgateway" deleted
role.rbac.authorization.k8s.io "istio-ingressgateway-sds" deleted
rolebinding.rbac.authorization.k8s.io "istio-ingressgateway-sds" deleted
Cloud Service Mesh ingress is successfully deleted.

To verify that the Cloud Service Mesh ingress gateway was removed, check that the istio-ingressgateway service no longer exists in the gke-system namespace:
```
kubectl get deployment istio-ingressgateway -n gke-system
```
Uninstall Cloud Service Mesh
To continue rolling back all the changes to your installations original state, rollback the Knative serving "GKE add-on".