Document use of ambient wrapper chart in 1.23 install/upgrade guides #15279
Conversation
istio-testing
added
the
size/L
bleggett
changed the title
| @@ -28,7 +28,21 @@ we encourage the use of Helm to install Istio for use in ambient mode. Helm help | |||
|
|
|||
| *See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation.* | |||
|
|
|||
| ## Install the components | |||
| {{< gloss "ambient" >}}Ambient{{< /gloss >}} is made up of multiple components - for production deployments, it is strongly recommended to install the components separately to allow for more control during upgrades. Consult the [operations guidelines](/docs/ops/deployment) for production deployment considerations. | |||
There was a problem hiding this comment.
| {{< gloss "ambient" >}}Ambient{{< /gloss >}} is made up of multiple components - for production deployments, it is strongly recommended to install the components separately to allow for more control during upgrades. Consult the [operations guidelines](/docs/ops/deployment) for production deployment considerations. | |
| Istio comprises many components (control plane, data plane, custom resources, etc). For production deployments, it is strongly recommended to install the components separately to allow for fine grained control during upgrades. Consult the [operations guidelines](/docs/ops/deployment) for production deployment considerations. |
so is sidecar mode. At least three of the charts are shared?
Does the operations docs actually talk about what you should do differently? Is it a scaling suggestion? (You wouldn't scale istio-cni and I doubt you'd scale ztunnel)
There was a problem hiding this comment.
so is sidecar mode. At least three of the charts are shared?
Yeah, this is sort of boilerplate. I'll enhance to mention that some components have different impacts on app traffic and node health than others (data plane vs control plane, really) and this impacts upgrade cadence considerations.
Does the operations docs actually talk about what you should do differently? Is it a scaling suggestion? (You wouldn't scale istio-cni and I doubt you'd scale ztunnel)
Scaling, and upgrade cadence.
Really, this should link to
https://preliminary.istio.io/latest/docs/ops/best-practices/deployment/
and that should be built out. I'll do that as part of this.
There was a problem hiding this comment.
Actually - what I was kinda hoping is that we could just link to wherever this #15247 ends up (under /ops/ or wherever) as the "recommended/opinionated production setup".
maybe even dropping the "individual install" instructions and just having
- simple chart install/upgrade with caveats as the landing page, which links out to...
- Expand Ambient Canary Upgrade Instructions #15247 as an "opinionated production deployment" model.
@therealmitchconnors thoughts?
There was a problem hiding this comment.
Started reviewing this a bit further and realised the same thing - we need to treat all of these holistically (and think about how we're going to include this content in the general Istio install/upgrade docs as ambient moves to GA.) I'll stand down, but it would be great to get this chart included in the Getting Started guide (at least for 1.23, if not 1.22)
I don't think I meant that last part
|
/test gencheck |
|
/test doc.test.profile-default |
|
/retest-required |
|
Do we want to have this in get started guide as the wrapper chart is mainly to show how simple it is to install Istio for demo purpose? Just to recap some discussion from Monday's TOC, unfortunately the attendance is relative low, but folks on the call @therealmitchconnors @keithmattix @howardjohn and myself prefer to have the simple 1 helm install for demo purpose (or consider using helmfile as an alternative if we choose not to publish the wrapper chart). One primary concern is not to show people multiple ways to do Install within 1 install method (which is helm here) and the existing helm install instructions offer more flexibility than the wrapper chart. Please correct me if I am wrong here in capturing the discussion. |
👍 I'll make that change, it makes sense. |
|
The other key part of the TOC discussion was to move this chart wrapper under |
👍 I assume that's |
bleggett
force-pushed
the
bleggett/ambient-helm-wrapperchart
branch
2 times, most recently
from
77f6e1e
to
dae5c5e
Compare
|
@linsun @craigbox et al - PTAL:
tweaked wording and such. Chart move PR: istio/istio#52013 Chart publish under "samples" PR: istio/release-builder#1901 |
istio-testing
added
the
needs-rebase
Signed-off-by: Benjamin Leggett <benjamin.leggett@solo.io>
Signed-off-by: Benjamin Leggett <benjamin.leggett@solo.io>
Signed-off-by: Benjamin Leggett <benjamin.leggett@solo.io>
Signed-off-by: Benjamin Leggett <benjamin.leggett@solo.io>
bleggett
force-pushed
the
bleggett/ambient-helm-wrapperchart
branch
from
3207e05
to
8f6c1a6
Compare
istio-testing
removed
the
needs-rebase
|
@bleggett: The following test failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
| @@ -28,7 +28,21 @@ we encourage the use of Helm to install Istio for use in ambient mode. Helm help | |||
|
|
|||
| *See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation.* | |||
|
|
|||
| ## Install the components | |||
| Istio is made up of multiple components which belong to either the {{< gloss >}}data plane{{< /gloss >}} or {{< gloss >}}control plane{{< /gloss >}}, and different components may have different effects on your applications when upgraded - for production deployments, it is strongly recommended to install the components separately to allow for more control during upgrades. Consult the [operations guidelines](/docs/ops/best-practices/deployment/) for production deployment considerations. | |||
There was a problem hiding this comment.
| Istio is made up of multiple components which belong to either the {{< gloss >}}data plane{{< /gloss >}} or {{< gloss >}}control plane{{< /gloss >}}, and different components may have different effects on your applications when upgraded - for production deployments, it is strongly recommended to install the components separately to allow for more control during upgrades. Consult the [operations guidelines](/docs/ops/best-practices/deployment/) for production deployment considerations. | |
| Istio comprises multiple components in its {{< gloss >}}data plane{{< /gloss >}} and {{< gloss >}}control plane{{< /gloss >}}. Upgrading these components can impact the availability of your applications. For production deployments, it is strongly recommended to install the Istio components separately, which allows you to control the order of upgrades. | |
| Consult the [operations guidelines](/docs/ops/best-practices/deployment/) for production deployment considerations. |
| ## Install the components | ||
| Istio is made up of multiple components which belong to either the {{< gloss >}}data plane{{< /gloss >}} or {{< gloss >}}control plane{{< /gloss >}}, and different components may have different effects on your applications when upgraded - for production deployments, it is strongly recommended to install the components separately to allow for more control during upgrades. Consult the [operations guidelines](/docs/ops/best-practices/deployment/) for production deployment considerations. | ||
|
|
||
| For installing Istio with support for the {{< gloss >}}ambient{{< /gloss >}} data plane mode in a non-production cluster, we provide a simple Helm chart which bundles all the required Helm charts. |
There was a problem hiding this comment.
| For installing Istio with support for the {{< gloss >}}ambient{{< /gloss >}} data plane mode in a non-production cluster, we provide a simple Helm chart which bundles all the required Helm charts. | |
| For installing Istio in a non-production cluster with support for the {{< gloss >}}ambient{{< /gloss >}} data plane mode, we provide a simple Helm chart which bundles all the required component charts together. |
| @@ -28,7 +28,21 @@ we encourage the use of Helm to install Istio for use in ambient mode. Helm help | |||
|
|
|||
| *See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation.* | |||
|
|
|||
| ## Install the components | |||
| {{< gloss "ambient" >}}Ambient{{< /gloss >}} is made up of multiple components - for production deployments, it is strongly recommended to install the components separately to allow for more control during upgrades. Consult the [operations guidelines](/docs/ops/deployment) for production deployment considerations. | |||
There was a problem hiding this comment.
Started reviewing this a bit further and realised the same thing - we need to treat all of these holistically (and think about how we're going to include this content in the general Istio install/upgrade docs as ambient moves to GA.) I'll stand down, but it would be great to get this chart included in the Getting Started guide (at least for 1.23, if not 1.22)
I don't think I meant that last part
There was a problem hiding this comment.
Oh hello, I don't think we should be using helm in the Getting Started guide. This has to be zero to installed in as quick a time as possible.
I'd love to get updates to the Helm page in before making some updates of my own though. Could we remove this for now and just get the others?
There was a problem hiding this comment.
This has to be zero to installed in as quick a time as possible.
Yes, that was the intent behind this PR. helm install istio-ambient istio/samples/ambient -n istio-system --create-namespace --wait being analogous to istioctl install --profile=ambient
I was looking at the getting started doc as the simplest possible/most normative set of steps for the non-Istio user (who probably already uses Helm).
I had the wrapper chart in the regular Helm install guide before, and was asked to move it out: #15279 (comment)
The options here are:
- Drop the wrapper chart people have asked for, and (IMO) continue to have a needlessly substandard Helm experience, because we don't recommend/test/use/compose Helm charts the way our users do in any capacity.
- Put the wrapper chart guide in
quickstart(where this PR puts it now) - Put the wrapper chart guide in
Helm install(where this PR originally had it, before the TOC asked for it not to be there)
@linsun @howardjohn and @craigbox you all decide, and I'll wait for that.
There was a problem hiding this comment.
I think @craigbox's comment was just not to put anything 'helm' in quickstart, likely on a disagreement that its the 'simplest set of steps for the non-Istio user'.
I do tend to agree for a quickstart Helm is likely to only cause friction. istioctl is already something a user will install as part of the getting started (used in other parts), so its a decent choice -- as is kubectl apply which is what we used to do.
I don't think that means we need to drop the wrapper chart, though, we can just say you can install with helm in a aggregated or decomposed manner based on your needs
There was a problem hiding this comment.
There is a disconnect here between the TOC and the "docs WG" (me), who is asleep when TOC meetings happen. I'm sorry to Ben for it having dragged him in two directions.
The goal of the "Getting Started" page is the easiest possible experience for someone looking at Istio for the first time. We're debating on Slack if this is helm or if it is istioctl, but until now we've assumed it was istioctl. Peter and I have put some effort into improving this recently as unfortunately it is a measure by which the "complexity of Istio" has been reported.
There is also a meme of "Istio has 7 Helm charts", which I am all in favour of resolving. I think that the Helm install page should point out that you can install everything with one chart, or use separate charts, and lay out the case for why you should actually do the more complex thing.
I would like the TOC (or whoever; Environments WG, Ben?) to decide on the order of recommendation for helm and istioctl, and that might dictate the choice in the Getting Started guide.
There was a problem hiding this comment.
The question is -- recommendation for what goal?
For a serious production install, where we are optimizing for reliability and safety, Helm is very likely the best choice at this point. istioctl isn't bad or anything, just doesn't integrate with tooling.
For "just give me an env with it deployed so I can try it out", helm is probably not the best...
To put it another way -- when I develop on Istio, I don't use helm since it is tedious to use.
There was a problem hiding this comment.
To put it another way -- when I develop on Istio, I don't use helm since it is tedious to use.
I don't use it with Istio either because it is tedious to use with Istio for reasons that have to do with Istio - I have and do use it in dev flows for other things just fine - Helm probably has more daily users than Istio does.
But all this brings up a very good point - the people developing Istio day-to-day will shave the edges off of any install mechanism we pick, no matter which is picked, in much the same way that water wears down rocks.
If we don't subject our Helm to that direct daily wear it will continue to be an afterthought and tedious to use. The same is true of istioctl.
I am convinced that the people developing Istio day-to-day (and I am including myself in this) are probably not qualified to make this decision for those reasons, and are too close to the problem to make a good assessment - so I'm gonna defer to TOC/docs WG/community asks.
There was a problem hiding this comment.
Sorry for weigh in late here, my preference is to keep istioctl for getting started with ambient (same as sidecars), and add the helm wrapper also in getting started as a 2nd tab for existing helm user. That way, if people already has helm and don't want to download istioctl to get started on ambient, they can.
We do see some users asking for helm wrapper chart in ambient slack so folks will likely be using it when evaluating ambient.
There was a problem hiding this comment.
Looking at the PR again, there are more lines (2X roughly i think) to read for users in the helm instruction with wrapper chart than istioctl... so I'd definitely continue to vote for istioctl. After reading the helm instruction, I lean towards to put helm get started instruction using wrapper chart as a link to be linked from the get started with ambient page.
|
Test failure is because the extend-wasm guide uses the Gateway API install docs from the getting started page, which were removed when we went to Helm. |
Yeah I fixed some of this in #15474 - that one should probably go in before this one, and I'll resync this one pending the outcome of #15279 (comment) |
istio-testing
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
FYI, I added this PR to ambient meeting agenda for tmr. |
|
Aight so current consensus: https://docs.google.com/document/d/1SMlwliEnthgq7r2PjpLl1kCq3t8rAMbgu6r_lDAXJ0w/edit#heading=h.ttmnrtyxr98j
|
Description
Fixes #15167
Note that until at least a 1.23 prerelease build is published, the
ambientchart will not show up in the documented repo, see istio/release-builder#1849To test locally in the meantime, you can use the local copies of the chart, so instead of doing:
like the doc says, do
(you may need to run
helm dep update ./manifests/charts/ambientfirst to populate the depcache)I left both the individual and wrapper modes in both docs.
Reviewers