common: Remove PodDisruptionBudget resources for Istio

Istio 1.6.0 generated manifests include some policy/v1 PodDisruptionBudget resources that we need to remove. See: - istio/istio#12602 - istio/istio#24000 The current manifests utilize two "delete" patches: - common/istio-1-16/istio-install/base/patches/remove-pdb.yaml - common/istio-1-16/cluster-local-gateway/base/patches/remove-pdb.yaml However these patches do not work with kustomize v3.2.0. The root cause is that v3.2.0 doesn't have the appropriate openapi schema for the policy/v1 API version resources. This is fixed in kustomize v4+. See: - kubernetes-sigs/kustomize#3694 (comment) - kubernetes-sigs/kustomize#4495 Changes: - We disable the delete patches until we upgrade to kustomize v4+. - tracked in: kubeflow#1797 - As a temporary workaraound we remove PodDisruptionBudget resources manually with yq before deploying Istio manifests. - Update README file with instructions. Refs: kubeflow#2325 Signed-off-by: Apostolos Gerakaris <apoger@arrikto.com>
apo-ger · Nov 22, 2022 · 03014d6 · 03014d6
1 parent dc435da
commit 03014d6
Show file tree

Hide file tree

Showing 7 changed files with 1,769 additions and 1,824 deletions.
diff --git a/common/istio-1-16/README.md b/common/istio-1-16/README.md
@@ -63,6 +63,33 @@ old version is `X1.Y1.Z1`:
 
     ---
 
+5. Remove PodDisruptionBudget from `istio-install` and `cluster-local-gateway` kustomizations. 
+   See:
+    - https://github.com/istio/istio/issues/12602 
+    - https://github.com/istio/istio/issues/24000
+
+   Until now we have used two patches:
+   - `common/istio-1-16/istio-install/base/patches/remove-pdb.yaml`
+   - `common/istio-1-16/cluster-local-gateway/base/patches/remove-pdb.yaml`
+
+   The above patches do not work with kustomize v3.2.0 as it doesn't have the appropriate 
+   openapi schemas for the policy/v1 API version resources. This is fixed in kustomize v4+. 
+   See:
+   - https://github.com/kubernetes-sigs/kustomize/issues/3694#issuecomment-799700607
+   - https://github.com/kubernetes-sigs/kustomize/issues/4495
+
+   A temporary workaround is to delete these resources manually with `yq`: 
+
+        $ yq eval -i 'select((.kind == "PodDisruptionBudget" and .metadata.name == "cluster-local-gateway") | not)' common/istio-1-16/cluster-local-gateway/base/cluster-local-gateway.yaml
+        $ yq eval -i 'select((.kind == "PodDisruptionBudget" and .metadata.name == "istio-ingressgateway") | not)' common/istio-1-16/istio-install/base/install.yaml
+        $ yq eval -i 'select((.kind == "PodDisruptionBudget" and .metadata.name == "istiod") | not)' common/istio-1-16/istio-install/base/install.yaml
+
+   ---
+   **NOTE**
+
+   NOTE: Make sure to remove a redundant {} at the end of the `common/istio-1-16/istio-install/base/install.yaml` and `common/istio-1-16/cluster-local-gateway/base/cluster-local-gateway.yaml` files.
+   ---
+
 ## Changes to Istio's upstream manifests
 
 ### Changes to the upstream IstioOperator profile