问题描述
如何为 Kubernetes Job 禁用 Istio sidecar 注入?
apiVersion: batch/v1beta1
kind: CronJob
Metadata:
name: pod-restart
spec:
concurrencyPolicy: Forbid
schedule: '0 8 * * *'
jobTemplate:
Metadata:
annotations:
sidecar.istio.io/inject: "false"
spec:
backoffLimit: 2
activeDeadlineseconds: 600
template:
spec:
serviceAccountName: pod-restart
restartPolicy: Never
containers:
- name: kubectl
image: bitnami/kubectl
command: ['kubectl','rollout','restart','deployment/myapp']
Sidecar 仍然被注入。
解决方法
注释位置错误。你必须把它放在 pod 模板上。
apiVersion: batch/v1beta1
kind: CronJob
metadata:
spec:
jobTemplate:
spec:
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
有禁用 istio 注入的 CronJob 示例。
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: hello
spec:
schedule: "*/1 * * * *"
jobTemplate:
spec:
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
spec:
containers:
- name: hello
image: busybox
args:
- /bin/sh
- -c
- date; echo "Hello,World!"
restartPolicy: OnFailure
还有与此相关的 github issue。