Migrate Istio images from DockerHub to GCR #3022

akagami-harsh · 2025-02-27T21:30:06Z

Pull Request Template for Kubeflow Manifests

✏️ Summary of Changes

Replaces DockerHub image references (docker.io/istio) with GCR equivalents (gcr.io/istio-release) for Istio 1.24 and Istio-cni 1.24
Updates Istio manifests in common/istio-1-24/ and common/istio-cni-1-24/.

📦 Dependencies

List any dependencies or related PRs (e.g., "Depends on #123").

🐛 Related Issues

part of Switch to GHCR due to docker.io pull rate limits #3010

✅ Contributor Checklist

I have tested these changes with kustomize. See Installation Prerequisites.
All commits are signed-off to satisfy the DCO check.

You can join the CNCF Slack and access our meetings at the Kubeflow Community website. Our channel on the CNCF Slack is here #kubeflow-platform.

juliusvonkohout · 2025-02-28T08:34:58Z

Thank you @akagami-harsh please also upgrade/cleanup the readmes for istio and istio-cni https://github.com/kubeflow/manifests/blob/master/common/istio-cni-1-24/README.md https://github.com/kubeflow/manifests/blob/master/common/istio-1-24/README.md with the changes and use/upgrade the scripts in /hack https://github.com/kubeflow/manifests/blob/master/hack/synchronize-istio-manifests.sh and https://github.com/kubeflow/manifests/blob/master/hack/synchronize-istio-cni-manifests.sh with the commit to upgrade to the latest 1.24.3 https://github.com/istio/istio/releases/tag/1.24.3 release.

COMMIT="1.24.3"
CURRENT_VERSION="1-24" 
NEW_VERSION="1-24" # Must be a release

juliusvonkohout · 2025-02-28T18:06:50Z

@akagami-harsh please also upgrade/cleanup the readmes for istio and istio-cni https://github.com/kubeflow/manifests/blob/master/common/istio-cni-1-24/README.md https://github.com/kubeflow/manifests/blob/master/common/istio-1-24/README.md with the changes. you can also simplify them

akagami-harsh · 2025-02-28T18:08:34Z

@akagami-harsh please also upgrade/cleanup the readmes for istio and istio-cni https://github.com/kubeflow/manifests/blob/master/common/istio-cni-1-24/README.md https://github.com/kubeflow/manifests/blob/master/common/istio-1-24/README.md with the changes. you can also simplify them

Yes, i am working on it

juliusvonkohout · 2025-02-28T18:46:10Z

Regarding image: busybox:1.28 we should use registry.k8s.io/busybox in the install.yaml. But this must somehow be configured in a persistent manner.

README.md

common/istio-1-24/README.md

common/istio-1-24/istio-install/base/patches/update-busybox-image.yaml

common/istio-cni-1-24/README.md

common/istio-cni-1-24/istio-install/base/install.yaml

hack/synchronize-istio-manifests.sh

Signed-off-by: Harshvir Potpose <[email protected]>

juliusvonkohout · 2025-03-04T13:21:53Z

I am wondering which change is failing the three tests and i think you have to re-run the script to build the install.yaml etc. with the native sidecars.

Signed-off-by: Harshvir Potpose <[email protected]>

akagami-harsh · 2025-03-04T20:23:48Z

The patchs were causing CI issues, so used image transformation to update busybox image instead.

juliusvonkohout · 2025-03-05T10:33:48Z

I think you should also check #3035

juliusvonkohout · 2025-03-05T10:34:09Z

I will try to review and merge it this week.

Signed-off-by: Julius von Kohout <[email protected]>

juliusvonkohout · 2025-03-05T14:45:39Z

Actually i do not see how

      k8s:
        env:
        - name: ENABLE_NATIVE_SIDECARS
          value: "true"

has any effect. I cannot find the variable in the generated manifests.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: istiod
  namespace: istio-system
spec:
  template:
    spec:
      containers:
      - env:
        - name: ENABLE_NATIVE_SIDECARS
          value: "true"
        name: discovery

should be the output

Signed-off-by: Julius von Kohout <[email protected]>

juliusvonkohout · 2025-03-05T15:58:24Z

fixes #2958

juliusvonkohout · 2025-03-05T15:58:55Z

Thank you for the PR

/lgtm
/approve

Remaining is #3015 and the rest of #2958

google-oss-prow · 2025-03-05T15:59:03Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: juliusvonkohout

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [juliusvonkohout]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

* switch to gcr from dockerhub Signed-off-by: Harshvir Potpose <[email protected]> * update scripts Signed-off-by: Harshvir Potpose <[email protected]> * update scritps and readmes Signed-off-by: Harshvir Potpose <[email protected]> * run synchronize scripts Signed-off-by: Harshvir Potpose <[email protected]> * add patches to update busybox image Signed-off-by: Harshvir Potpose <[email protected]> * update cluster-specific note Signed-off-by: Harshvir Potpose <[email protected]> * revert typo in synchronize script and rerun them Signed-off-by: Harshvir Potpose <[email protected]> * keep newer knative versions Signed-off-by: Harshvir Potpose <[email protected]> * Enable native sidecars in Istio CNI Signed-off-by: Harshvir Potpose <[email protected]> * Update istio CNI docs Signed-off-by: Harshvir Potpose <[email protected]> * use image transformation insted of patches Signed-off-by: Harshvir Potpose <[email protected]> * run istio-cni sync script Signed-off-by: Harshvir Potpose <[email protected]> * Update kustomization.yaml Signed-off-by: Julius von Kohout <[email protected]> * Update istio-ingressgateway-deployment.yaml Signed-off-by: Julius von Kohout <[email protected]> * Update istio-ingressgateway-deployment.yaml Signed-off-by: Julius von Kohout <[email protected]> * Update kustomization.yaml Signed-off-by: Julius von Kohout <[email protected]> * Update profile.yaml Signed-off-by: Julius von Kohout <[email protected]> * Update install.yaml Signed-off-by: Julius von Kohout <[email protected]> * Update kustomization.yaml Signed-off-by: Julius von Kohout <[email protected]> * Update kustomization.yaml Signed-off-by: Julius von Kohout <[email protected]> --------- Signed-off-by: Harshvir Potpose <[email protected]> Signed-off-by: Julius von Kohout <[email protected]> Co-authored-by: Julius von Kohout <[email protected]> Signed-off-by: Patrick Schönthaler <[email protected]>

google-oss-prow bot requested review from juliusvonkohout and kimwnasptd February 27, 2025 21:30

google-oss-prow bot added the size/S label Feb 27, 2025

juliusvonkohout added this to the 1.10 milestone Feb 28, 2025

google-oss-prow bot added size/M and removed size/S labels Feb 28, 2025

google-oss-prow bot added size/L and removed size/M labels Mar 1, 2025

akagami-harsh force-pushed the switch-to-gcr branch from 478887d to 21b6092 Compare March 1, 2025 08:37

google-oss-prow bot added size/XXL and removed size/L labels Mar 1, 2025

akagami-harsh force-pushed the switch-to-gcr branch from 9c78520 to e08a45b Compare March 3, 2025 08:00