Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-2583

No mention about Auto-injection using namespace (aka project) labels in OSSM docs

    XMLWordPrintable

Details

    • Story
    • Resolution: Unresolved
    • Major
    • None
    • OSSM 2.4.0
    • Documentation
    • None
    • 3
    • False
    • None
    • False

    Description

      Currently, OSSM docs just mentioned the auto-injection using annotation(sidecar.istio.io/inject: "true") only at [0] and [1].
      But as you can see my test[2] and the attachment of OSSM operator interface for ServiceMeshControlPlane CR,
      the auto-injection using namespace (aka project) labels is available now, and it worked well for me.

      Could you please add more documentation or sections for the auto-injection using namespace for consistent with actual feature in OSSM ?

      [0] and [1] make customers being confused as not providing and supporting the auto-injection using namespace, it is also not matched with actual functioning of OSSM.

      [0] Automatic injection
      https://docs.openshift.com/container-platform/4.10/service_mesh/v2x/ossm-vs-community.html#ossm-automatic-injection_ossm-vs-istio

      The upstream Istio community installation automatically injects the sidecar into pods within the projects you have labeled.

Red Hat OpenShift Service Mesh does not automatically inject the sidecar to any pods, but requires you to opt in to injection using an annotation without labeling projects.

      [1] Enabling sidecar injection
      https://docs.openshift.com/container-platform/4.10/service_mesh/v2x/prepare-to-deploy-applications-ossm.html

      After adding your services to a mesh, enable automatic sidecar injection in the deployment resource for your application.
You must enable automatic sidecar injection for each deployment.

      [2] Test result using namespace (aka project) labels in OSSM 2.1.1 on OCPv4.8.

      1. Enable autoInject: true and configure
  $ oc edit smcp basic -n istio-system
  :
  spec:
    proxy:
      injection:
        autoInject: true        # Enabling auto-injection of namespace
        neverInjectSelector:    # Disabling auto-injection against only builder pods using "openshift.io/build.name" label
        - matchExpressions:
          - key: openshift.io/build.name
            operator: Exists
  :
  $ oc edit servicemeshmemberroll default -n istio-system
  spec:
    members:
    - test-istio

2. Create test-istio project with "istio-injection: enabled"
  $ oc new-project test-istio
  $ oc label namespace test-istio istio-injection=enabled --overwrite

3. Create usual pods through each of the build and deployment processes as follows.
  $ oc new-app httpd
  $ oc new-app python~https://github.com/bysnupy/testtools.git --context-dir=http-slow-responsor

  $ oc get pod
  NAME                         READY   STATUS      RESTARTS   AGE
  httpd-8686bc54d-hv7jh        2/2     Running     0          3m57s  <-- Automatically injected istio-proxy without the annotation in the deployment.
  testtools-2-build            0/1     Completed   0          3m34s  <-- Built successfully without istio-proxy by disabling auto-injection.
  testtools-6b7d9894b7-z5cmq   2/2     Running     0          2m59s  <-- Automatically injected istio-proxy without the annotation in the deployment.

      Attachments

        Activity

          People

            Unassigned Unassigned
            jlongmui@redhat.com Jamie Longmuir
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated: