-
Ticket
-
Resolution: Done
-
Major
-
None
-
OSSM 2.4.0
-
None
-
False
-
None
-
False
-
-
By default the annotation "sidecar.istio.io/interceptionMode" is set to "REDIRECT". But changing this value to "TPROXY" prevents the pod from being created.
Use the following configuration
apiVersion: apps/v1 kind: Deployment metadata: name: sleep spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: deployment: sleep strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: annotations: sidecar.istio.io/inject: "true" sidecar.istio.io/interceptionMode: "TPROXY" labels: deployment: sleep app: sleep spec: containers: - args: - tail - -f - /dev/null image: registry.access.redhat.com/rhel7/rhel-tools:latest imagePullPolicy: IfNotPresent name: sleep resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: {} terminationGracePeriodSeconds: 30
When the Deployment is created, the following errors appear in the events:
0s Normal ScalingReplicaSet deployment/sleep Scaled up replica set sleep-bb889f584 to 1 0s Warning FailedCreate replicaset/sleep-bb889f584 Error creating: admission webhook "sidecar-injector.istio.io" denied the request: failed to run injection template: failed parsing generated injected YAML (check Istio sidecar injector configuration): unmarshal patched pod: json: cannot unmarshal string into Go struct field SecurityContext.spec.containers.securityContext.runAsGroup of type int64 0s Warning FailedCreate replicaset/sleep-bb889f584 Error creating: admission webhook "sidecar-injector.istio.io" denied the request: failed to run injection template: failed parsing generated injected YAML (check Istio sidecar injector configuration): unmarshal patched pod: json: cannot unmarshal string into Go struct field SecurityContext.spec.containers.securityContext.runAsGroup of type int64 0s Warning FailedCreate replicaset/sleep-bb889f584 Error creating: admission webhook "sidecar-injector.istio.io" denied the request: failed to run injection template: failed parsing generated injected YAML (check Istio sidecar injector configuration): unmarshal patched pod: json: cannot unmarshal string into Go struct field SecurityContext.spec.containers.securityContext.runAsGroup of type int64 0s Warning FailedCreate replicaset/sleep-bb889f584 Error creating: admission webhook "sidecar-injector.istio.io" denied the request: failed to run injection template: failed parsing generated injected YAML (check Istio sidecar injector configuration): unmarshal patched pod: json: cannot unmarshal string into Go struct field SecurityContext.spec.containers.securityContext.runAsGroup of type int64 0s Warning FailedCreate replicaset/sleep-bb889f584 Error creating: admission webhook "sidecar-injector.istio.io" denied the request: failed to run injection template: failed parsing generated injected YAML (check Istio sidecar injector configuration): unmarshal patched pod: json: cannot unmarshal string into Go struct field SecurityContext.spec.containers.securityContext.runAsGroup of type int64
- depends on
-
OSSM-4851 Avoid nil value in injection template replacement
-
- Closed
-
- mentioned on
