Upgrading to Istio 1.6 with Operator

This page describes how to upgrade to Istio 1.6 with Operator in advance of migrating to open source Istio.

Starting with version 1.6, the Istio on Google Kubernetes Engine add-on uses the Istio Operator for installation and configuration . The Istio Operator follows the Kubernetes Operator pattern. The Operator lets you configure Istio by defining a Kubernetes custom resource definition (CRD) for the Istio installation. The Operator then uses a controller to make changes to the installation to match the custom resource.

When you upgrade your cluster to 1.17.17-gke.3100+, 1.18.16-gke.1600+, or 1.19.8-gke.1600+, the Istio 1.6 Operator and control plane are installed alongside the existing 1.4.x Istio control plane. The upgrade requires user action and uses revisions to migrate your workloads to the new control plane. With a revision-based upgrade, you migrate to the 1.6 version by setting a label on your workloads to point to the new control plane and performing a rolling restart.

We aren't releasing a 1.5 version of the Istio on Google Kubernetes Engine add-on. Version 1.6 is the version that we release after 1.4.10.

Istio Operator benefits

The Operator allows for greater installation configurability. In versions of the add-on prior to 1.6, the GKE add-on manager reconciles any changes to the Istio manifest and prevents most types of configuration changes. The Istio Operator doesn't have this limitation. The Operator generates an Istio control plane installation manifest based on the IstioOperator custom resource (CR) that you provide during installation. This CR is completely under your control and is never reconciled.

Upgrading to Istio 1.6 with Operator

You must do the steps in this section to upgrade to Istio 1.6 with Operator.

You only need to do these steps once to transition to the Operator. Subsequent upgrades follow the dual control plane upgrade process.

  1. Select a GKE version that includes Istio 1.6 (1.17.17-gke.3100+, 1.18.16-gke.1600+, 1.19.8-gke.1600+) and upgrade your cluster.

    Note that the Istio on Google Kubernetes Engine add-on with Istio 1.6 installs two versions of Istio:

    • The static manifest version controlled by the add-on manager (which is active after you upgrade your cluster).

    • The 1.6 version controlled by the Operator (which is inactive until enabled). The inactive 1.6 version doesn't connect to any proxies and consumes negligible cluster resources.

    If the currently installed version of Istio differs from the version in the target static manifest, upgrading the cluster might also perform an in-place upgrade of Istio. For example, if your cluster is currently running Istio 1.4.6-gke.0 and you select GKE cluster version 1.17.7-gke.3100, your Istio control plane is upgraded to 1.4.10-gke.0 (or higher) as part of the upgrade.

    To ensure that your cluster version is recent enough, run the following command:

    kubectl get ns istio-system --show-labels | if [[ $(grep EnsureExists) ]];
    then echo "Version is recent enough"; else echo "Need more recent version"; fi
    

    The console output indicates whether the cluster version is recent enough.

  2. Download the upgrade-14-16 script:

    curl -LO https://storage.googleapis.com/csm-artifacts/asm/upgrade-14-16
    

    You can view the script on GitHub.

  3. Make the script executable:

    chmod +x upgrade-14-16
    
  4. Make sure that kubectl is configured to the cluster that you want to upgrade.

    gcloud container clusters get-credentials cluster-name
    

    where cluster-name is the name of the cluster.

  5. Run the script:

    ./upgrade-14-16
    

    The script guides you through the migration process for a single cluster.

  6. To migrate another cluster, run the tool with the --reset flag:

    ./upgrade-14-16 --reset
    

    Then repeat steps 4 and 5.