
Disable Istio sidecar injection to the job pod

How to disable Istio sidecar injection for the Kubernetes Job?

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: pod-restart
spec:
  concurrencyPolicy: Forbid
  schedule: '0 8 * * *'
  jobTemplate:
    metadata:
      annotations:
        sidecar.istio.io/inject: "false"
    spec:
      backoffLimit: 2
      activeDeadlineSeconds: 600
      template:
        spec:
          serviceAccountName: pod-restart
          restartPolicy: Never
          containers:
            - name: kubectl
              image: bitnami/kubectl
              command: ['kubectl', 'rollout', 'restart', 'deployment/myapp']

Sidecar still gets injected.

Jonas asked Jan 20 '21 10:01




1 Answer

The annotation is in the wrong place. You have to put it on the pod template.

apiVersion: batch/v1beta1
kind: CronJob
metadata:
spec:
  jobTemplate:
    spec:
      template:
        metadata:
          annotations:
            sidecar.istio.io/inject: "false"

There is a working CronJob example with Istio injection disabled.

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: hello
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      template:
        metadata:
          annotations:
            sidecar.istio.io/inject: "false"
        spec:
          containers:
          - name: hello
            image: busybox
            args:
            - /bin/sh
            - -c
            - date; echo "Hello, World!"
          restartPolicy: OnFailure

Also, there is a related GitHub issue about that.

Jakub answered Sep 29 '22 23:09
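A placement check for the point made in the answer above, as an added example that is not part of the original posts: it reports whether `sidecar.istio.io/inject` sits on the pod template, where the answer says it must go, or on another metadata block such as `jobTemplate.metadata`. The function names and the two sample dicts (constructed from the manifests on this page, assumed already parsed from YAML) are hypothetical, and the Job and Deployment paths generalize beyond the CronJob case shown here.

```python
ANNOTATION = "sidecar.istio.io/inject"

# Path from the manifest root to the pod template, per workload kind.
POD_TEMPLATE_PATH = {
    "CronJob": ("spec", "jobTemplate", "spec", "template"),
    "Job": ("spec", "template"),
    "Deployment": ("spec", "template"),
}

def _dig(obj, path):
    """Follow path through nested dicts; return None if any key is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def _find_annotation(obj, path=()):
    """Yield the path of every metadata block that carries the annotation."""
    if not isinstance(obj, dict):
        return
    if ANNOTATION in (_dig(obj, ("metadata", "annotations")) or {}):
        yield path + ("metadata",)
    for key, value in obj.items():
        yield from _find_annotation(value, path + (key,))

def check_inject_annotation(manifest):
    """Return the value set on the pod template and any misplaced copies."""
    effective = POD_TEMPLATE_PATH[manifest["kind"]] + ("metadata",)
    found = list(_find_annotation(manifest))
    return {
        "pod_template_value": _dig(manifest, effective + ("annotations", ANNOTATION)),
        "misplaced_at": [".".join(p) for p in found if p != effective],
    }

# Constructed sample: the question's layout (annotation on jobTemplate.metadata).
QUESTION_CRONJOB = {"kind": "CronJob", "metadata": {"name": "pod-restart"}, "spec": {"jobTemplate": {
    "metadata": {"annotations": {ANNOTATION: "false"}},
    "spec": {"template": {"spec": {"restartPolicy": "Never"}}}}}}

# Constructed sample: the answer's layout (annotation on the pod template).
ANSWER_CRONJOB = {"kind": "CronJob", "metadata": {"name": "hello"}, "spec": {"jobTemplate": {
    "spec": {"template": {"metadata": {"annotations": {ANNOTATION: "false"}},
                          "spec": {"restartPolicy": "OnFailure"}}}}}}

if __name__ == "__main__":
    for sample in (QUESTION_CRONJOB, ANSWER_CRONJOB):
        print(sample["metadata"]["name"], check_inject_annotation(sample))
```

A non-empty `misplaced_at` with `pod_template_value` of `None` is the situation in the question: the annotation exists in the manifest but not on the pod template.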