Thursday, November 8, 2018

ISTIO Side Car Injection Setting

ISTIO Injection

ISTIO Injection

Standard way

kubectl apply -f <(istioctl kube-inject -f myroute/webserver/instance/template-stateless.yaml)

Is there any way that we can easily run 

kubectl apply -f myroute/webserver/instance/template-stateless.yaml

without complicate command as above. And we also hope we can support running without istio injection.

Changing Inject Policy in Default Policy Setting

Before deploy istio, you can modify the istio-demo.yaml that is in the officical istio deploy script.

# Source: istio/templates/sidecar-injector-configmap.yaml

apiVersion: v1
kind: ConfigMap
.
.
.

data:
  config: |-
    policy: disabled

change istio-demo.yaml from policy: enabled to policy: disabled. One can search the keyword and modify it.

Check which namespace enable the istio injection


kubectl get namespace -L istio-injection
NAME           STATUS    AGE       ISTIO-INJECTION
default        Active    2d
istio-system   Active    2d        disabled
jj             Active    2d

Enabling the istio-injection

kubectl label namespace jj istio-injection=enabled

More commands

clean up

kubectl label namespace jj istio-injection-

if update

kubectl label namespace jj istio-injection=disabled --overwrite

Modify the Service Yaml file

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: helloworld
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: helloworld
      annotations:
        pod.alpha.kubernetes.io/initialized: "true"
        sidecar.istio.io/inject: "true"

adding the term sidecar.istio.io/inject: "true" to yaml file.

Under the setting * adding sidecar.istio.io/inject: "true", istio injection = true * adding sidecar.istio.io/inject: "false", intio injection = false * without sidecar.istio.io/inject, intio injection = false

This setting will satisfy our environment.

Conclusion

To set up 1. default inject policy to disabled and 2. enable istio in namespace that satisfied our requirement.

  • The default setting is not running with istio.
  • And one can setup sidecar.istio.io/inject as true will enable the istio injection
  • setup sidecar.istio.io/inject as false will disable the istio injection.

More

If we use 1. default setting policy to enabled and 2. enable isito in namespace that NOT satisfied our requirement

Since

  • The default setting will be running with istio
  • setting sidecar.istio.io/inject false will not running with istio injection
  • setting sidecar.istio.io/inject true will run with istio injection
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)