Monday, July 12, 2021

What happens when Istio gets installed?

If you install Istio with the istioctl install command and then run the uninstall command to remove it from the cluster, many resources are removed. That also tells you which resources the install process created.

When you use this command to remove Istio:

istioctl x uninstall --purge

The following things will happen:

  Removed IstioOperator:istio-system:installed-state.
  Removed HorizontalPodAutoscaler:istio-system:istio-ingressgateway.
  Removed HorizontalPodAutoscaler:istio-system:istiod.
  Removed PodDisruptionBudget:istio-system:istio-ingressgateway.
  Removed PodDisruptionBudget:istio-system:istiod.
  Removed Deployment:istio-system:istio-ingressgateway.
  Removed Deployment:istio-system:istiod.
  Removed Service:istio-system:istio-ingressgateway.
  Removed Service:istio-system:istiod.
  Removed ConfigMap:istio-system:istio.
  Removed ConfigMap:istio-system:istio-sidecar-injector.
  Removed Pod:istio-system:istio-ingressgateway-6968d58d88-9dq7k.
  Removed Pod:istio-system:istiod-74d4864d8d-psjs8.
  Removed ServiceAccount:istio-system:istio-ingressgateway-service-account.
  Removed ServiceAccount:istio-system:istio-reader-service-account.
  Removed ServiceAccount:istio-system:istiod-service-account.
  Removed RoleBinding:istio-system:istio-ingressgateway-sds.
  Removed RoleBinding:istio-system:istiod-istio-system.
  Removed Role:istio-system:istio-ingressgateway-sds.
  Removed Role:istio-system:istiod-istio-system.
  Removed EnvoyFilter:istio-system:metadata-exchange-1.10.
  Removed EnvoyFilter:istio-system:metadata-exchange-1.9.
  Removed EnvoyFilter:istio-system:stats-filter-1.10.
  Removed EnvoyFilter:istio-system:stats-filter-1.9.
  Removed EnvoyFilter:istio-system:tcp-metadata-exchange-1.10.
  Removed EnvoyFilter:istio-system:tcp-metadata-exchange-1.9.
  Removed EnvoyFilter:istio-system:tcp-stats-filter-1.10.
  Removed EnvoyFilter:istio-system:tcp-stats-filter-1.9.
  Removed MutatingWebhookConfiguration::istio-sidecar-injector.
  Removed ValidatingWebhookConfiguration::istiod-istio-system.
  Removed ClusterRole::istio-reader-istio-system.
  Removed ClusterRole::istiod-istio-system.
  Removed ClusterRoleBinding::istio-reader-istio-system.
  Removed ClusterRoleBinding::istiod-istio-system.
  Removed CustomResourceDefinition::authorizationpolicies.security.istio.io.
  Removed CustomResourceDefinition::destinationrules.networking.istio.io.
  Removed CustomResourceDefinition::envoyfilters.networking.istio.io.
  Removed CustomResourceDefinition::gateways.networking.istio.io.
  Removed CustomResourceDefinition::istiooperators.install.istio.io.
  Removed CustomResourceDefinition::peerauthentications.security.istio.io.
  Removed CustomResourceDefinition::requestauthentications.security.istio.io.
  Removed CustomResourceDefinition::serviceentries.networking.istio.io.
  Removed CustomResourceDefinition::sidecars.networking.istio.io.
  Removed CustomResourceDefinition::telemetries.telemetry.istio.io.
  Removed CustomResourceDefinition::virtualservices.networking.istio.io.
  Removed CustomResourceDefinition::workloadentries.networking.istio.io.
  Removed CustomResourceDefinition::workloadgroups.networking.istio.io.


After istioctl operator init, the following things have been created. The list comes from running uninstall --purge.

  Removed Deployment:istio-operator:istio-operator.
  Removed Service:istio-operator:istio-operator.
  Removed ServiceAccount:istio-operator:istio-operator.
  Removed ClusterRole::istio-operator.
  Removed ClusterRoleBinding::istio-operator.
  Removed CustomResourceDefinition::istiooperators.install.istio.io.


After doing the following:

kubectl apply -f - <<EOF
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: example-istiocontrolplane
spec:
  profile: default
EOF

If you remove everything, these are the things that will be removed:

  Removed IstioOperator:istio-system:example-istiocontrolplane.
  Removed HorizontalPodAutoscaler:istio-system:istio-ingressgateway.
  Removed HorizontalPodAutoscaler:istio-system:istiod.
  Removed PodDisruptionBudget:istio-system:istio-ingressgateway.
  Removed PodDisruptionBudget:istio-system:istiod.
  Removed Deployment:istio-operator:istio-operator.
  Removed Deployment:istio-system:istio-ingressgateway.
  Removed Deployment:istio-system:istiod.
  Removed Service:istio-operator:istio-operator.
  Removed Service:istio-system:istio-ingressgateway.
  Removed Service:istio-system:istiod.
  Removed ConfigMap:istio-system:istio.
  Removed ConfigMap:istio-system:istio-sidecar-injector.
  Removed Pod:istio-system:istio-ingressgateway-6968d58d88-wcmvt.
  Removed Pod:istio-system:istiod-84cb7c8f48-7q6rx.
  Removed ServiceAccount:istio-operator:istio-operator.
  Removed ServiceAccount:istio-system:istio-ingressgateway-service-account.
  Removed ServiceAccount:istio-system:istio-reader-service-account.
  Removed ServiceAccount:istio-system:istiod-service-account.
  Removed RoleBinding:istio-system:istio-ingressgateway-sds.
  Removed RoleBinding:istio-system:istiod-istio-system.
  Removed Role:istio-system:istio-ingressgateway-sds.
  Removed Role:istio-system:istiod-istio-system.
  Removed EnvoyFilter:istio-system:metadata-exchange-1.10.
  Removed EnvoyFilter:istio-system:metadata-exchange-1.9.
  Removed EnvoyFilter:istio-system:stats-filter-1.10.
  Removed EnvoyFilter:istio-system:stats-filter-1.9.
  Removed EnvoyFilter:istio-system:tcp-metadata-exchange-1.10.
  Removed EnvoyFilter:istio-system:tcp-metadata-exchange-1.9.
  Removed EnvoyFilter:istio-system:tcp-stats-filter-1.10.
  Removed EnvoyFilter:istio-system:tcp-stats-filter-1.9.
  Removed MutatingWebhookConfiguration::istio-sidecar-injector.
  Removed ValidatingWebhookConfiguration::istiod-istio-system.
  Removed ClusterRole::istio-operator.
  Removed ClusterRole::istio-reader-istio-system.
  Removed ClusterRole::istiod-istio-system.
  Removed ClusterRoleBinding::istio-operator.
  Removed ClusterRoleBinding::istio-reader-istio-system.
  Removed ClusterRoleBinding::istiod-istio-system.
  Removed CustomResourceDefinition::authorizationpolicies.security.istio.io.
  Removed CustomResourceDefinition::destinationrules.networking.istio.io.
  Removed CustomResourceDefinition::envoyfilters.networking.istio.io.
  Removed CustomResourceDefinition::gateways.networking.istio.io.
  Removed CustomResourceDefinition::istiooperators.install.istio.io.
  Removed CustomResourceDefinition::peerauthentications.security.istio.io.
  Removed CustomResourceDefinition::requestauthentications.security.istio.io.
  Removed CustomResourceDefinition::serviceentries.networking.istio.io.
  Removed CustomResourceDefinition::sidecars.networking.istio.io.
  Removed CustomResourceDefinition::telemetries.telemetry.istio.io.
  Removed CustomResourceDefinition::virtualservices.networking.istio.io.
  Removed CustomResourceDefinition::workloadentries.networking.istio.io.
  Removed CustomResourceDefinition::workloadgroups.networking.istio.io. 

In the operator case, the istio-operator deployment uses the image docker.io/istio/operator:1.10.2 and is deployed into the namespace istio-operator by default. It only creates the operator CRD. The control plane gets created by using the following command:

kubectl apply -f - <<EOF
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: example-istiocontrolplane
spec:
  profile: default
EOF

Then all the other CRDs are created. The istiod deployment uses docker.io/istio/pilot:1.10.2. istiod (or pilot) now only watches the cluster and handles certificates and configuration. It does not do what the Istio operator does, which is to accept the CRD and convert it into various k8s resources. If you just use istioctl, there is no operator to interpret these requests: istioctl converts the request and creates the k8s resources itself, whereas in the operator case it is the operator that takes the request and creates the k8s resources.

Regardless of whether you use istioctl, the Istio operator or helm, istiod has to be deployed.
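
To see exactly which standing objects the operator path adds to a cluster, the two purge outputs above can be diffed by kind and scope. The following is an added example, not part of the original post or of Istio; the function names and the SENSITIVE set are assumptions made for illustration, and the sample input is a few lines excerpted from the lists on this page.

```python
import re
from collections import defaultdict

# Line format printed by `istioctl x uninstall --purge` as shown above:
#   Removed <Kind>:<namespace>:<name>.   (empty namespace = cluster-scoped)
LINE = re.compile(r"^\s*Removed (?P<kind>[^:]+):(?P<ns>[^:]*):(?P<name>.+?)\.?\s*$")

# Kinds that grant privileges or sit in the API server's admission path.
SENSITIVE = {"ClusterRole", "ClusterRoleBinding", "Role", "RoleBinding",
             "ServiceAccount", "MutatingWebhookConfiguration",
             "ValidatingWebhookConfiguration"}

def parse(output):
    """Return {(kind, namespace, name)}; Pods are skipped (random name suffixes)."""
    objs = set()
    for line in output.splitlines():
        m = LINE.match(line)
        if m and m["kind"] != "Pod":
            objs.add((m["kind"], m["ns"], m["name"]))
    return objs

def operator_only(istioctl_out, operator_out):
    """Objects that exist only after the operator-based install, by scope."""
    report = defaultdict(list)
    for kind, ns, name in sorted(parse(operator_out) - parse(istioctl_out)):
        flag = " [privilege/admission]" if kind in SENSITIVE else ""
        report[ns or "cluster"].append(f"{kind}/{name}{flag}")
    return dict(report)

# Sample input: lines excerpted from the two lists on this page.
COMMON = """
  Removed Deployment:istio-system:istiod.
  Removed EnvoyFilter:istio-system:stats-filter-1.10.
  Removed MutatingWebhookConfiguration::istio-sidecar-injector.
  Removed ClusterRole::istiod-istio-system.
"""
ISTIOCTL_OUT = COMMON + """  Removed IstioOperator:istio-system:installed-state.
  Removed Pod:istio-system:istiod-74d4864d8d-psjs8.
"""
OPERATOR_OUT = COMMON + """  Removed IstioOperator:istio-system:example-istiocontrolplane.
  Removed Pod:istio-system:istiod-84cb7c8f48-7q6rx.
  Removed Deployment:istio-operator:istio-operator.
  Removed ServiceAccount:istio-operator:istio-operator.
  Removed ClusterRole::istio-operator.
  Removed ClusterRoleBinding::istio-operator.
"""

if __name__ == "__main__":
    print(operator_only(ISTIOCTL_OUT, OPERATOR_OUT))
```

The entries under "cluster" are the ones to review first: the operator's ClusterRole and ClusterRoleBinding stay in the cluster for as long as the operator does, whereas with istioctl the conversion to k8s resources happens on the client side.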

