istio pilot #8

Supports: kubernetes

Deploy this charm on Kubernetes with the CLI. Find out how by reading the docs.


Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection.

Open: Istio is being developed and maintained as open-source software. We encourage contributions and feedback from the community at-large.

Platform-independent: Istio is not targeted at any specific deployment environment. During the initial stages of development, Istio will support Kubernetes-based deployments. However, Istio is being built to enable rapid and easy adaptation to other environments.

Service mesh: Istio is designed to manage communications between microservices and applications. Without requiring changes to the underlying services, Istio provides automated baseline traffic resilience, service metrics collection, distributed tracing, traffic encryption, protocol upgrades, and advanced routing functionality for all service-to-service communication.

For more detail, please see:

Docker Resource Layer

This layer provides an interface for dealing with charm resources that are Docker images.


Using this layer generally consists of the following steps:

  • Call layer.docker_resource.fetch(resource_name)
  • Wait for layer.docker-resource.{resource_name}.available
  • Call layer.docker_resource.get_info(resource_name)

Alternatively, a resource can be marked with auto-fetch: true in its definition in metadata.yaml, in which case it will automatically have fetch() called on it, if it is of type docker. That way, you can skip the first step and remove the need for an additional handler.


Given a Kubernetes charm with the following resource definition in the metadata.yaml file:

name: my-charm
    type: oci-image
    auto-fetch: true
    description: "The image for this charm"

The charm would then use the follow reactive code to use the Docker image resource:

from charms.reactive import when, when_not

from charms import layer

def start_container():
    layer.status.maintenance('configuring container')
    image_info = layer.docker-resource.get_info('my-resource')
        'containers': [
                'name': 'my-service',
                'imageDetails': {
                    'imagePath': image_info.registry_path,
                    'username': image_info.username,
                    'password': image_info.password,
                'ports': [
                        'name': 'service',
                        'containerPort': 80,
    layer.status.maintenance('creating container')



The methods available are:

  • charms.layer.docker-resource.fetch(resource_name) Request that the given Docker image resource be fetched and validated.

  • charms.layer.docker-resource.get_info(resource_name) Return the image info object for the given resource.

Image Info Object

The image info object returned by get_info(resource_name) is a DockerImageInfo instance which has the following properties:

  • image_info.registry_path This is the fully qualified registry path for the image. This will generally point to the controller or charm store, but may point directly to an external registry.

  • image_info.username The username needed to access the image on the registry, if any.

  • image_info.password The password needed to access the image on the registry, if any.

Reactive Flags

The flags set by this layer are:

  • layer.docker-resource.{resource_name}.fetched Set as soon as the given resource has been requested by the fetch method.

  • layer.docker-resource.{resource_name}.available Set when the given resource has been downloaded and is available.

  • layer.docker-resource.{resource_name}.failed Set when the given resource failed to download.

Status Messages

This layer will automatically set a maintenance status message while fetching each resource, and a blocked status message if one or more resources fail to be fetched. The statuses will be set using layer:status to handle conflict resolution.

You can disable automatic status messages from this layer by changing the layer option set-status to false in your layer.yaml.


(int) Debug interface
(string) Name to use as a default gateway
(string) Monitoring address
(string) Secure GRPC address
(int) Injection and validation webhook port
(int) xDS (various discovery services) and CA services (plaintext)
(int) xDS (various discovery services) and CA services (TLS)