K
Q

Istio Installation successful but not able to deploy POD

4/19/2021

I have successfully installed Istio in k8 cluster.

  • Istio version is 1.9.1

  • Kubernetes CNI plugin used: Calico version 3.18 (Calico POD is up and running)

kubectl get pod -A

istio-system           istio-egressgateway-bd477794-8rnr6           1/1     Running   0          124m
istio-system           istio-ingressgateway-79df7c789f-fjwf8        1/1     Running   0          124m
istio-system           istiod-6dc55bbdd-89mlv                       1/1     Running   0          124

When I'm trying to deploy sample nginx app I am getting the error below:

failed calling webhook sidecar-injector.istio.io context deadline exceeded
Post "https://istiod.istio-system.svc:443/inject?timeout=30s": 
context deadline exceeded

When I Disable automatic proxy sidecar injection the pod is getting deployed without any errors. 

kubectl label namespace default istio-injection-

I am not sure how to fix this issue could you please some one help me on this?

-- Gowmi
calico
istio
kubernetes

Similar Questions

Spring Boot Admin does not detect service after restarting
Methods for horizontal authentication between microservices (RESTful)
How to create a file while creating(claiming) persistent volume?
How to change istio ingress loadbalancer external IP
Opensource Storage Options for Kubernetes Cluster running on bare metal

1 Answer

4/19/2021

In this case, adding hostNetwork:true under spec.template.spec to the istiod Deployment may help. This seems to be a workaround when using Calico CNI for pod networking (see: failed calling webhook "sidecar-injector.istio.io)

As we can find in the Kubernetes Host namespaces documentation:

HostNetwork - Controls whether the pod may use the node network namespace. Doing so gives the pod access to the loopback device, services listening on localhost, and could be used to snoop on network activity of other pods on the same node.

-- matt_j
Source: StackOverflow