Closed ca-scribner closed 2 months ago
ca-scribner
commented
1 year ago Closed as wontfix because it applies only to v1.12, and because users can work around this by removing and redeploying the application. If there's a really compelling need, we might be able to work around this by reconfiguring the upgrade command and vendoring the needed files, but it doesn't appear worth the effort.
NohaIhab
commented
1 year ago reopening this to provide a workaround was able to reproduce the issue by these steps:
juju deploy istio-pilot --trust --channel=1.11/stablejuju download istio-pilot --channel=1.12/stablejuju refresh istio-pilot --path=./<local-charm-path>result: istio-pilot stuck in error state
istio-pilot charm container logs:
[container-agent] WARNING upgrade-charm info Error: failed to generate Istio configs from file [] for the current version: 1.11.0, error: Get "https://github.com/istio/istio/releases/download/1.11.0/istio-1.11.0-linux-amd64.tar.gz": dial tcp 140.82.114.4:443: i/o timeout
[container-agent] WARNING upgrade-charm
[container-agent] WARNING upgrade-charm Error: failed to generate Istio configs from file [] for the current version: 1.11.0, error: Get "https://github.com/istio/istio/releases/download/1.11.0/istio-1.11.0-linux-amd64.tar.gz": dial tcp 140.82.114.4:443: i/o timeout
istio-pilot v1.12+ uses
istioctlto upgrade the istio daemon service. Version 1.12 ofistioctlrequires internet connectivity (specifically to github) to do this upgrade (see more background in this thread). This causes a problem for secured deployments (behind a strict proxy, offline, etc), preventing istio-pilot from being upgraded.As a workaround, to upgrade from v1.11 to 1.12 users can remove the istio-pilot v1.11 application and then deploy a new istio-pilot v1.12. This will result in v1.12 of istiod being deployed, but will also remove the Istio CRDs in the process (which could lose user data, say if they use VirtualServices for their own applications).