Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Normal
Fix Version/s: OSSM 2.1.2
Affects Version/s: OSSM 2.1.0, OSSM 2.1.1
Component/s: Maistra
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
Affects:

Compatibility/Configuration
Git Pull Request:
https://github.com/maistra/istio/pull/467

Sprint:
OSSM 2.2 - 2

SFDC Cases Links:
SFDC Cases Counter:

Description

OSSM doesn't follow the same rules as OpenShift does to inject annotations into the pods.

One can define annotations for a container in a deployment like this:

 34   template:
 35     metadata:
 36       annotations:
 37         openshift.io/generated-by: OpenShiftNewApp
 38         sidecar.istio.io/inject: "true"
 39         test1.annotation-from-deployment: test1
 40         test2.annotation-from-deployment: '["test2"]'
 41         test3.annotation-from-deployment: test-3
 42         test4.annotation-from-deployment: test_4
 43         test5.annotation-from-deployment: '{test5}'

And the resulting pod will have the annotations set correctly:

 45     test1.annotation-from-deployment: test1
 46     test2.annotation-from-deployment: '["test2"]'
 47     test3.annotation-from-deployment: test-3
 48     test4.annotation-from-deployment: test_4
 49     test5.annotation-from-deployment: '{test5}'
 50     traffic.sidecar.istio.io/excludeInboundPorts: 15090,15021

When defining simple annotations in the injections section of the SMCP, it works as expected:

 30   proxy:
 31     accessLogging:
 32       file:
 33         name: /dev/stdout
 34     injection:
 35     injection:
 36       autoInject: true
 37       injectedAnnotations:
 38         test0.annotation-from-smcp: test0

And the pod gets the annotation from the SMCP as well as the annotation from the deployment:

 45     test0.annotation-from-smcp: test0
 46     test1.annotation-from-deployment: test1
 47     test2.annotation-from-deployment: '["test2"]'
 48     test3.annotation-from-deployment: test-3
 49     test4.annotation-from-deployment: test_4
 50     test5.annotation-from-deployment: '{test5}'
 51     traffic.sidecar.istio.io/excludeInboundPorts: 15090,15021

But when using annotations that include the symbols "[" , "]" , "{" , "}", the annotations are no longer injected in the pod:

 34     injection:
 35       autoInject: true
 36       injectedAnnotations:
 37         test0.annotation-from-smcp: test0
 38         test1.annotation-from-smcp: test1
 39         test2.annotation-from-smcp: '["test2"]'
 40         test3.annotation-from-smcp: '{test3}'

These annotations seem to be ignored. Even if you add another valid annotations, if there's any non-valid character in one of the new annotations, all the new annotations in the SMCP are omitted:

 45     test0.annotation-from-smcp: test0
 46     test1.annotation-from-deployment: test1
 47     test1.annotation-from-smcp: test1
 48     test2.annotation-from-deployment: '["test2"]'
 49     test3.annotation-from-deployment: test-3
 50     test4.annotation-from-deployment: test_4
 51     test5.annotation-from-deployment: '{test5}'
 52     traffic.sidecar.istio.io/excludeInboundPorts: 15090,15021

The istiod pod shows the following error:

2022-02-15T13:19:34.799227Z     error   update error: failed to unmarshal injection template: error converting YAML to JSON: yaml: line 10: did not find expected key

That seems to come from here: https://github.com/maistra/istio/blob/5f8f4917ef775c5a8696fa9a096cab1a051f24dc/pkg/kube/inject/inject.go#L153

Can we change the behaviour of the injections to match the way K8s/OpenShift behaving when adding annotations to the deployments?

Attachments

Issue Links

mentioned on

Merge request - Updated US source to: e73d08a OSSM-1074 Fix rendering of injectedAnnotations in Helm charts (#467)

Activity

People

Assignee:: Marko Luksa

Reporter:: Alexis Solanas

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2022/02/15 1:57 PM

Updated:: 2022/06/14 12:12 PM

Resolved:: 2022/06/14 12:12 PM