Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Minor
Fix Version/s: OSSM 2.4.0
Affects Version/s: OSSM 2.4.0
Component/s: Customer Impact, Maistra
Labels:
None

Story Points:
3
Blocked:
False
Blocked Reason:
None
Ready:
False
Affects:

Release Notes
Release Note Text:

Hide
Previously, gateway injection in the control plane namespace was not possible, as we labeled the SMCP namespace with ignore-namespace by default.

As we migrate to gateway injection, customers that already have custom gateways that they deploy to the control plane namespace were blocked by this.

Now, with the 2.4 version of the operator, the control plane namespace is no longer labeled with ignore-namespace for injection when creating a v2.4 control plane, so gateway injection is possible in the control plane namespace.

If users with an existing deployment wish to allow for injection in their control plane namespace, they can do this by removing the label manually like so (where istio-system is the name of the SMCP namespace):

`oc label namespace istio-system maistra.io/ignore-namespace-`

Show
Previously, gateway injection in the control plane namespace was not possible, as we labeled the SMCP namespace with ignore-namespace by default. As we migrate to gateway injection, customers that already have custom gateways that they deploy to the control plane namespace were blocked by this. Now, with the 2.4 version of the operator, the control plane namespace is no longer labeled with ignore-namespace for injection when creating a v2.4 control plane, so gateway injection is possible in the control plane namespace. If users with an existing deployment wish to allow for injection in their control plane namespace, they can do this by removing the label manually like so (where istio-system is the name of the SMCP namespace): `oc label namespace istio-system maistra.io/ignore-namespace-`
Release Note Type:
Known Issue
Release Note Status:
Done
Git Pull Request:
https://github.com/maistra/istio-operator/pull/1060, https://github.com/maistra/istio-operator/pull/1082

Sprint:
Sprint 60, Sprint 61, Sprint 62

Target Version:

OSSM 2.4.0

SFDC Cases Links:
SFDC Cases Counter:

Description

When enabling the Gateway API deployment controller in an SMCP like this:

spec: 
  runtime: 
    components: 
      pilot: 
        container: 
          env: 
            PILOT_ENABLE_GATEWAY_API: "true"
            PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER: "true"
            PILOT_ENABLE_GATEWAY_API_STATUS: "true"

and subsequently creating a Gateway resource called example in the control plane namespace, you'll see that a Deployment is created but the pod fails to start:

example-6f56d4cbd6-nzdl9                0/1     ImagePullBackOff   0          94s

The error seen is:

  Warning  Failed          10s   kubelet, ocp-wide-vh8fd-worker-vhqm9  Failed to pull image "auto": rpc error: code = Unknown desc = reading manifest latest in docker.io/library/auto: errors:

This is because we will by default ignore the injection annotation/label in the control plane namespace. We do this by adding the maistra.io/ignore-namespace label, which we added to the injection webhook as an opt-out mechanism. I'm not sure this is still required; we shouldn't stop users from injecting in the control plane namespace, at least not gateways.

Note that the reproduction steps above use the Gateway API controller, but this affects Gateway injection in general.

This should be marked as a known issue in the release notes