k3s-io/helm-controller

Is there any way to start the helmchart pod without triggering Istio sidecar injection?

sloppycoder opened this issue · 6 comments

I used this helmchart CRD to install Kong API gateway in my cluster. The helmchart pod continues to be up even after the installation finishes. It seems that in my namespace the Istio sidecar injection is enabled, so the helmchart pod continues to run because the istio-proxy is running.

Is there any way to start the pod without the Istio sidecar?

That seems like an Istio question? The Helm job pod doesn't have any Istio-specific configuration; it is up to the Istio webhook whether or not the sidecar gets injected.

This is usually controlled by using an annotation on the job pod template:

spec:
  template:
    metadata:
      annotations:
        sidecar.istio.io/inject: "false"

Is there a way to add annotations on the job created by the controller?

No, there is not. Does Istio not have some way to filter pods on the controller side?

The annotation is the preferred way for Istio to determine which pods to filter.

Is that the only way though? We can take job pod annotations on as a feature request but it'll probably be a while before we'd get to it.

The preferred method is to call /quitquitquit on the sidecar after the job has completed (curl -XPOST http://localhost:15000/quitquitquit), as disabling the sidecar means you lose Istio's proxying. I've had success using this repository as an alternative for now: https://github.com/AOEpeople/kubernetes-sidecar-cleaner

apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: sidecar-cleaner
  namespace: istio-system
spec:
  chart: sidecar-cleaner
  repo: https://opensource.aoe.com/kubernetes-sidecar-cleaner
  targetNamespace: istio-system
  version: 0.3.0
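
The /quitquitquit call from the last comment, as an added example that is not part of the original thread or of helm-controller: a POSIX shell entrypoint wrapper for a Job whose container command you control. It assumes curl is present in the image; CURL, QUIT_URL, QUIT_RETRIES and QUIT_SLEEP are names introduced here for illustration.

```shell
#!/bin/sh
# Added example: run a Job's workload, then ask the istio-proxy sidecar to exit
# so the pod can reach Completed instead of staying up with only the proxy running.
# QUIT_URL defaults to the endpoint quoted in the thread; CURL, QUIT_RETRIES and
# QUIT_SLEEP are hypothetical knobs introduced for this example.
QUIT_URL="${QUIT_URL:-http://localhost:15000/quitquitquit}"
CURL="${CURL:-curl}"
QUIT_RETRIES="${QUIT_RETRIES:-5}"

# POST to the sidecar, retrying a few times. Returns 0 once the request is
# accepted, 1 if every attempt failed.
quit_sidecar() {
    attempt=1
    while [ "$attempt" -le "$QUIT_RETRIES" ]; do
        if $CURL -fsS -o /dev/null --max-time 2 -XPOST "$QUIT_URL"; then
            return 0
        fi
        attempt=$((attempt + 1))
        sleep "${QUIT_SLEEP:-1}"
    done
    echo "warning: sidecar did not accept the quit request" >&2
    return 1
}

# Run the workload given as arguments, always signal the sidecar afterwards,
# and return the workload's own exit status so the Job succeeds or fails on it
# (a failed quit request must not mask or replace the workload result).
run_then_quit_sidecar() {
    status=0
    "$@" || status=$?
    quit_sidecar || true
    return "$status"
}

# Usage as a container entrypoint (commented out so sourcing has no side effects):
#   run_then_quit_sidecar /usr/local/bin/my-batch-task --some-flag
#   exit $?
```
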