mandarjog/gist:c75fbebc5c16dc3c4a8daa90d4153ff9

## gistfile1.txt
Updating pilot envvars is not possible with istio-on-gke add-on because of the reconciliation loop.

The following steps can update pilot environment variables.

1. Create a config map with the delegation script

kubectl -n istio-system apply -f https://gist.githubusercontent.com/mandarjog/c5fd7201e0d0618d562d0b18cbeebfd8/raw/ae52fb362a5578530e38fe01ee3e40fa2f4b9a8c/istio-pilot-config-map.yaml

The script unsets PILOT_DISABLE_XDS_MARSHALING_TO_ANY env var.

2. Update istio-pilot deployment to use this delegation start script: called run.sh
kubectl -n istio-system edit deployment istio-pilot
a. find pilot discovery container "args" and add "command" key at the same level as "args"
   Look for "--keepaliveMaxServerConnectionAge"
``` yaml
    - args:
      - discovery
      - --monitoringAddr=:15014
      - --log_output_level=default:info
      - --domain
      - cluster.local
      - --secureGrpcAddr
      - ""
      - --keepaliveMaxServerConnectionAge
      - 30m
      command:
        - /script/run.sh
```
3. Add VolumeMount in the discovery container. Note that "/script" was added here
```
       volumeMounts:
        - mountPath: /script
          name: script
        - mountPath: /etc/istio/config
          name: config-volume
        - mountPath: /etc/certs
          name: istio-certs
          readOnly: true
```
4. Add Volume to the pods. Note name==script was added here with default mode 484.
```
     volumes:
      - configMap:
          defaultMode: 484
          name: script
        name: script
      - configMap:
          defaultMode: 420
          name: istio
        name: config-volume
```
	Updating pilot envvars is not possible with istio-on-gke add-on because of the reconciliation loop.

	The following steps can update pilot environment variables.

	1. Create a config map with the delegation script

	kubectl -n istio-system apply -f https://gist.githubusercontent.com/mandarjog/c5fd7201e0d0618d562d0b18cbeebfd8/raw/ae52fb362a5578530e38fe01ee3e40fa2f4b9a8c/istio-pilot-config-map.yaml

	The script unsets PILOT_DISABLE_XDS_MARSHALING_TO_ANY env var.

	2. Update istio-pilot deployment to use this delegation start script: called run.sh
	kubectl -n istio-system edit deployment istio-pilot
	a. find pilot discovery container "args" and add "command" key at the same level as "args"
	Look for "--keepaliveMaxServerConnectionAge"
	``` yaml
	- args:
	- discovery
	- --monitoringAddr=:15014
	- --log_output_level=default:info
	- --domain
	- cluster.local
	- --secureGrpcAddr
	- ""
	- --keepaliveMaxServerConnectionAge
	- 30m
	command:
	- /script/run.sh
	```
	3. Add VolumeMount in the discovery container. Note that "/script" was added here
	```
	volumeMounts:
	- mountPath: /script
	name: script
	- mountPath: /etc/istio/config
	name: config-volume
	- mountPath: /etc/certs
	name: istio-certs
	readOnly: true
	```
	4. Add Volume to the pods. Note name==script was added here with default mode 484.
	```
	volumes:
	- configMap:
	defaultMode: 484
	name: script
	name: script
	- configMap:
	defaultMode: 420
	name: istio
	name: config-volume
	```