Breaking istio in microk8s

I was running microk8s version 1.20 on my laptop and decided to upgrade it to 1.22 since it is the newest stable version.

That was easy:

sudo snap refresh microk8s --channel=1.22/stable

After the upgrade I noticed that many applications in the istio-system namespace were not working. I thought that deleting the pod would recreate it and fix the issue, but they kept failing.

When I try to remove istio I get an error:

sudo microk8s.disable istio
Disabling Istio
Error: unknown flag: --purge

And I am stuck in this state.

I have not found any solution to this yet.


I just discovered this application for k8s and there is a lot to like. It allows me to look at a k8s cluster in a whole new way. It is so easy to see everything that is running and all the resources that have been created.

This is quite the upgrade from the command line to see things quickly. I am not abandoning the cli but I am certainly going to look here when I need to troubleshoot because I have a better view of everything that is on the cluster.

They want you to look at this software as the k8s IDE. I will have to explore a bit more to see how it can be another IDE for my use cases.

Network Policies for a Namespace

It took me a couple of days of testing to realize my mistake with a network policy that I had.

What I wanted was to allow communication to a pod on a certain port for other pods in the same namespace. If the communication was coming from outside the namespace I was opening another port to let those happen.

The challenge I faced and that took me a while to fix was not as much with the network policy but with the fact that the namespace specification did not include a proper label. The network policy can only match on a label at this time and I was trying to get it to match on the name of the namespace.

The solution was to add a label to the namespace and then match with it.

I also learned to use “kubectl describe netpol/nameofit” a lot to properly understand what k8s was understanding from the yaml I was submitting. I made typos that did not prevent the network policy from being accepted, but an extra dash on a line makes a whole world of difference.

There are great examples of network policies with these recipes.
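
The fix described above (label the namespace, then match on that label) looks like this as manifests. This is an added example, not the original policy from this post: the namespace name, the labels and both port numbers are assumptions.

```yaml
# Constructed example: namespace name, labels and ports are assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: demo
  labels:
    team: demo            # the label the policy below matches on
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-ingress
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: web            # pods this policy protects
  policyTypes:
    - Ingress
  ingress:
    # Rule 1: pods in namespaces labelled team=demo may reach port 8080.
    - from:
        - namespaceSelector:
            matchLabels:
              team: demo
      ports:
        - protocol: TCP
          port: 8080
    # Rule 2: pods in any namespace may reach port 8443 only.
    - from:
        - namespaceSelector: {}
      ports:
        - protocol: TCP
          port: 8443
# One place where a dash changes the meaning: inside "from",
#   - namespaceSelector: {...}
#     podSelector: {...}      # one peer: namespace AND pod must match
# versus
#   - namespaceSelector: {...}
#   - podSelector: {...}      # two peers: either one may match
# Both forms are accepted; "kubectl describe netpol/web-ingress -n demo"
# shows which one the API server actually stored.
```

On Kubernetes 1.21 and later, every namespace also carries the automatic label kubernetes.io/metadata.name, which a namespaceSelector can match in the same way.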