Istio 1.6.5 gateway timeout errors - istio

Intermittently we are seeing 504 gateway time out (504) errors when accessing application from browser. We upgraded istio from 1.4.3 to 1.6.5. There was no issue with 1.4.3.

Basically if you want to upgrade istio from 1.4.x to 1.6.x you should first upgrade from 1.4.x to 1.5.x, then upgrade from 1.5.x to 1.6.x
I have followed a theme on istio discuss about upgrade created by @laurentiuspurba.
I have changed it a little for your use case, so an upgrade from 1.4.3 to 1.5.0, then from 1.5.0 to 1.6.8
Take a look at below steps, before using that on your environment I would suggest to test that on some test environment.
1. Follow istio documentation and install istioctl 1.4.3 and 1.5 with:
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.4.3 sh -
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.5.0 sh -
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.6.8 sh -
2. Add the istioctl 1.4.3 to your path
cd istio-1.4.3
export PATH=$PWD/bin:$PATH
3. Install istio 1.4.3
istioctl manifest generate > $HOME/generated-manifest.yaml
kubectl create namespace istio-system
kubectl apply -f $HOME/generated-manifest.yaml
4. Check if everything works correctly.
kubectl get pod -n istio-system
kubectl get svc -n istio-system
istioctl version
5. Add the istioctl 1.5 to your path
cd istio-1.5.0
export PATH=$PWD/bin:$PATH
6. Install istio operator for future upgrade.
istioctl operator init
7. Prepare IstioOperator.yaml
nano IstioOperator.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: example-istiocontrolplane
spec:
  profile: default
  tag: 1.5.0
8. Before the upgrade use below commands
kubectl -n istio-system delete service/istio-galley deployment.apps/istio-galley
kubectl delete validatingwebhookconfiguration.admissionregistration.k8s.io/istio-galley
9. Upgrade from 1.4.3 to 1.5 with istioctl upgrade and prepared IstioOperator.yaml
istioctl upgrade -f IstioOperator.yaml
10. After the upgrade use below commands
kubectl -n istio-system delete deployment istio-citadel istio-galley istio-pilot istio-policy istio-sidecar-injector istio-telemetry
kubectl -n istio-system delete service istio-citadel istio-policy istio-sidecar-injector istio-telemetry
kubectl -n istio-system delete horizontalpodautoscaler.autoscaling/istio-pilot horizontalpodautoscaler.autoscaling/istio-telemetry
kubectl -n istio-system delete pdb istio-citadel istio-galley istio-pilot istio-policy istio-sidecar-injector istio-telemetry
kubectl -n istio-system delete deployment istiocoredns
kubectl -n istio-system delete service istiocoredns
11. Check if everything works correctly.
kubectl get pod -n istio-system
kubectl get svc -n istio-system
istioctl version
12. I have deployed a bookinfo app to check if everything works correctly.
kubectl label namespace default istio-injection=enabled
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
13. Results
curl -v xx.xx.xxx.xxx/productpage | grep HTTP
HTTP/1.1 200 OK
istioctl version
client version: 1.5.0
control plane version: 1.5.0
data plane version: 1.5.0 (8 proxies)
14. Add the istioctl 1.6.8 to your path
cd istio-1.6.8
export PATH=$PWD/bin:$PATH
15. Prepare IstioOperator.yaml
nano IstioOperator.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: example-istiocontrolplane
spec:
  profile: default
  tag: 1.6.8
16. Upgrade from 1.5.0 to 1.6.8 with istioctl upgrade and prepared IstioOperator.yaml
istioctl upgrade -f IstioOperator.yaml
17. To upgrade the Istio data plane, you will need to re-inject it.
If you’re using automatic sidecar injection, you can upgrade the sidecar by doing a rolling update for all the pods:
kubectl rollout restart deployment --namespace <namespace with auto injection>
If you’re using manual injection, you can upgrade the sidecar by executing:
kubectl apply -f <(istioctl kube-inject -f <original application deployment yaml>)
18. Results
curl -v xx.xx.xxx.xxx/productpage | grep HTTP
HTTP/1.1 200 OK
istioctl version
client version: 1.6.8
control plane version: 1.6.8
data plane version: 1.6.8 (8 proxies)
Hope you find this useful. If you have any questions let me know.
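One way to gate each hop of the procedure above, as an added example that is not part of the original answer: it refuses an upgrade that skips a minor version and treats a hop as finished only when the client, control plane and data plane lines of `istioctl version` all report the target. The function names and both sample outputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): gate each Istio upgrade hop.

# Succeed only if $1 -> $2 stays within one minor version (same major assumed).
hop_allowed() {
  local gap=$(( $(echo "$2" | cut -d. -f2) - $(echo "$1" | cut -d. -f2) ))
  [ "$gap" -ge 0 ] && [ "$gap" -le 1 ]
}

# Print every x.y.z version found on the "<label> version:" line of $1.
component_versions() {
  printf '%s\n' "$1" | grep "^$2 version:" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+'
}

# Succeed only if client, control plane and data plane all report exactly $2.
hop_complete() {
  local out=$1 want=$2 label got found
  for label in "client" "control plane" "data plane"; do
    found=0
    for got in $(component_versions "$out" "$label"); do
      found=1
      if [ "$got" != "$want" ]; then
        echo "$label reports $got, expected $want" >&2
        return 1
      fi
    done
    [ "$found" -eq 1 ] || { echo "no $label version found" >&2; return 1; }
  done
}

# Constructed samples in the format shown in the Results steps.
SAMPLE_DONE='client version: 1.6.8
control plane version: 1.6.8
data plane version: 1.6.8 (8 proxies)'
# Control plane upgraded, some sidecars not yet re-injected (step 17 pending).
SAMPLE_STALE='client version: 1.6.8
control plane version: 1.6.8
data plane version: 1.6.8 (5 proxies), 1.5.0 (3 proxies)'

# Usage against a live cluster (assumes istioctl on PATH):
#   hop_allowed 1.5.0 1.6.8 && hop_complete "$(istioctl version)" 1.5.0
```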

default timeout = 15 sec.
you can set an explicit timeout in the Virtual Service

Related

How to run heaptrack on long running server applications

I have a c++ grpc server image running on GKE kubernetes and I was trying to profile with heaptrack.
in the docker image I installed heaptrack via apt-get, leaving out unrelated stuff the dockerfile looks like this
FROM ubuntu:20.04 as build
.....
RUN apt-get update && apt install -y software-properties-common && \
apt-get -y --no-install-recommends install \
....
heaptrack
...
ENTRYPOINT ["heaptrack", "./grpc_server"]
this creates a docker image which I store on google container registry
I then deploy the image via a yaml file
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  labels:
    app: app
spec:
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app
    spec:
      containers:
      - name: grpc-server
        image: grpc_server_container_repo
        resources:
          requests:
            memory: "54Gi"
            cpu: "14"
          limits:
            memory: "64Gi"
            cpu: "16"
        ports:
        - name: grpc
          containerPort: 8080
after I deployed the image I ssh into the container with the command
kubectl exec -it app-6c88bd5854-98dg4 -c grpc-server -- /bin/bash
and I saw the file
heaptrack.grpc_server.1.gz
despite the server still running
I opened this file using heaptrack_gui but it shows total runtime as ~2s, I make a couple request to the server and this file is never updated again. I tried running
ps -aux
in the container and I can see
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 2608 1728 ? Ss 08:49 0:00 /bin/sh /usr/bin/heaptrack ./grpc_server
root 20 0.4 0.0 1817048 31340 ? Sl 08:49 0:06 ./grpc_server
root 113 0.0 0.0 4240 3516 pts/0 Ss 09:08 0:00 /bin/bash
root 125 0.0 0.0 6136 2928 pts/0 R+ 09:12 0:00 ps -aux
Seems like I have 2 running instances of the server, one with heaptrack, the other doesn't. I'm not sure what's going on here and was hoping someone can point me in some direction on how I can profile a running server on k8s with heaptrack.

Beanstalk: ebextensions customization fails with service: command not found

I am trying to install an application through .ebextensions in my elasticbeanstalk stack. I've followed the doc here for advanced environment customization. This is my config:
files:
  "/tmp/software.sh" :
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/bin/bash
      wget https://website.net/software/software-LATEST-1.x86_64.rpm
      software-LATEST-1.x86_64.rpm
      sed -i -e '$a\
      *.* @@127.0.0.1:1514;RSYSLOG_FileFormat' /etc/rsyslog.conf
      /sbin/service rsyslog restart
      /sbin/service software start
container_commands:
  01_run:
    command: "/tmp/software.sh"
When applying the config I receive an error that the command "service" is not found even though I point to the location of the service command in /sbin/service. I've tried a lot of different things but I always get this error. Running the script manually on the host works without any issue.
The image the stack is using is Amazon Linux release 2 (Karoo)
The specific error message is:
[3744211/3744211]\n\n/tmp/alert_software.sh: line 8: service: command not found\n/tmp/alert_software.sh: line 9: service: command not found. \ncontainer_command 02_run in .ebextensions/alert-software.config failed. For more detail, check /var/log/eb-activity.log using console or EB CLI","returncode":127,"events":
My co-worker tried to install the software a different way and it worked. This is what worked:
install.config >>
01_install_software:
  command: rpm -qa | grep -qw software || yum -y -q install https://website.net/software/software-LATEST-1.x86_64.rpm
02_update_rsyslog:
  command: sed -i -e '$a*.* @@127.0.0.1:1514;RSYSLOG_FileFormat' -e '/*.* @@127.0.0.1:1514;RSYSLOG_FileFormat/d' /etc/rsyslog.conf
03_restart_rsyslog:
  command: service rsyslog restart
services.config >>
services:
  sysvinit:
    rsyslog:
      enabled: "true"
      ensureRunning: "true"
    software:
      enabled: "true"
      ensureRunning: "true"

docker-compose No such command: convert error

I'm trying to follow this tutorial on AWS ECS integration that mentions the Docker command docker compose convert that is supposed to generate an AWS CloudFormation template.
However, when I run this command, it doesn't appear to exist.
$ docker-compose convert
No such command: convert
#...
$ docker compose convert
docker: 'compose' is not a docker command.
See 'docker --help'
$ docker context create ecs myecscontext
"docker context create" requires exactly 1 argument.
See 'docker context create --help'.
Usage: docker context create [OPTIONS] CONTEXT
Create a context
$ docker --version
Docker version 19.03.13, build 4484c46
$ docker-compose --version
docker-compose version 1.25.5, build unknown
$ docker version
Client:
Version: 19.03.13
API version: 1.40
Go version: go1.13.8
Git commit: 4484c46
Built: Thu Oct 15 18:34:11 2020
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 19.03.11
API version: 1.40 (minimum version 1.12)
Go version: go1.13.12
Git commit: 77e06fd
Built: Mon Jun 8 20:24:59 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit:
docker-init:
Version: 0.18.0
GitCommit: fec3683
$ docker info
Client:
Debug Mode: false
Server:
Containers: 12
Running: 3
Paused: 0
Stopped: 9
Images: 149
Server Version: 19.03.11
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version:
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 5.8.0-29-generic
Operating System: Ubuntu Core 16
OSType: linux
Architecture: x86_64
CPUs: 16
Total Memory: 7.202GiB
Name: HongLee
ID: GZ5R:KQDD:JHOJ:KCUF:73AE:N3NY:MWXS:ABQ2:2EVY:4ABJ:H375:J64V
Docker Root Dir: /var/snap/docker/common/var-lib-docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Any ideas?
To get the ECS integration, you need to be using an ECS docker context. First, enable the experimental flag in /etc/docker/daemon.json
// /etc/docker/daemon.json
{
"experimental": true
}
Then create the context:
docker context create ecs myecscontext
docker context use myecscontext
$ docker context ls
NAME TYPE DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR
default moby Current DOCKER_HOST based configuration unix:///var/run/docker.sock [redacted] (default) swarm
myecscontext * ecs
Now run convert:
$ docker compose convert
WARN[0000] services.build: unsupported attribute
AWSTemplateFormatVersion: 2010-09-09
Resources:
AdminwebService:
DependsOn:
- AdminwebTCP80Listener
Properties:
Cluster:
...
You're running on Ubuntu. The /usr/bin/docker installed (even with latest docker-ce 20.10.6) does not enable the docker compose subcommand. It is enabled by default on Docker for Desktop Windows or Mac.
See the Linux installation instructions at https://github.com/docker/compose-cli to download and configure so that docker compose works.
There's a curl|bash script for Ubuntu or just download the latest release, put that docker executable into a PATH directory before /usr/bin/ and make sure the original docker is available as com.docker.cli e.g. ln -s /usr/bin/docker ~/bin/com.docker.cli.

"authenticated as: anonymous Groups that you are in" error when checking kubectl version

I am trying to setup the kubectl tool in my machine to remotely manage Kubernetes cluster and also to use Helm. I am trying in Ubuntu 16.04 machine.
I am following the official Kubernetes documentation from the following link,
https://kubernetes.io/docs/tasks/tools/install-kubectl/
I ran the following commands,
sudo apt-get update && sudo apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubectl
And afterwards, when I run the 'kubectl version' command to verify the installation, I am getting the following:
Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.1",
GitCommit:"b7394102d6ef778017f2ca4046abbaa23b88c290", GitTreeState:"clean",
BuildDate:"2019-04-08T17:11:31Z", GoVersion:"go1.12.1", Compiler:"gc",
Platform:"linux/amd64"}
Error from server (Forbidden): <html><head><meta http-equiv='refresh'
content='1;url=/login?from=%2Fversion%3Ftimeout%3D32s'/>
<script>window.location.replace('/login?from=%2Fversion%3Ftimeout%3D32s');
</script></head><body style='background-color:white; color:white;'>
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
And also not finding the '~/.kube/config' file in machine.
Why do I get this authentication error when checking the kubectl version?
You have to manually copy the .kube/ directory from your cluster node into your local ~/.kube
If you don't have .kube/ on the master node, copy it from /etc/kubernetes/kube.conf
mkdir $HOME/.kube
scp root@<master-public-ip>:/etc/kubernetes/kubelet.conf $HOME/.kube/config
You can also define the filepath of kubeconfig by passing in --kubeconfig parameter, i.e.
kubectl version --kubeconfig ~/.kube/config

Can't run a docker container on kubernetes in the interactive mode

Here is a post about kubectl run command - http://kubernetes.io/docs/user-guide/kubectl/kubectl_run/
I have tried to run the docker container with the -i option, like in the example:
# Start a single instance of busybox and keep it in the foreground, don't restart it if it exits.
kubectl run -i --tty busybox --image=busybox --restart=Never
However, kubectl says that -i is an unknown command.
Error: unknown shorthand flag: 'i' in -i
Run 'kubectl help' for usage.
Any ideas?
It's likely that your kubectl client is out of date, because your command line works for me:
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"2", GitVersion:"v1.2.0", GitCommit:"5cb86ee022267586db386f62781338b0483733b3", GitTreeState:"clean"}
Server Version: version.Info{Major:"1", Minor:"2", GitVersion:"v1.2.2", GitCommit:"528f879e7d3790ea4287687ef0ab3f2a01cc2718", GitTreeState:"clean"}
$ kubectl run -i --tty busybox --image=busybox --restart=Never
Waiting for pod default/busybox-dikev to be running, status is Pending, pod ready: false
Hit enter for command prompt
/ #