K
Q

While deploying ingress gateway, what does injectionTemplate: gateway mean?

1/18/2022

While deploying ingress gateway, what does injectionTemplate: gateway mean?

It is mention here: https://istio.io/latest/docs/setup/additional-setup/gateway/#deploying-a-gateway

  values:
    gateways:
      istio-ingressgateway:
        # Enable gateway injection
        injectionTemplate: gateway

Also, what is the different between sidecar and gateway templates?

-- sachinks
istio
istio-gateway
istio-sidecar
kubernetes

Similar Questions

Will juju run-action route all requests to kubernetes worker/0?
kubernetes - exposing container info as environment variables
Getting issue when application deployed in one pod calls to another application deployed in another pod in minikube
Does Kubernetes allocates resources if the resource limit is above node capacity?
kubernetes getting 502 bad gateway

1 Answer

3/24/2022

Quoting the official Istio docs: https://istio.io/v1.12/docs/setup/additional-setup/sidecar-injection/#custom-templates-experimental

"Pods will, by default, use the sidecar injection template, which is automatically created. This can be overridden by the inject.istio.io/templates annotation. For example, to apply the default template and our customization, you can set inject.istio.io/templates=sidecar,custom. In addition to the sidecar, a gateway template is provided by default to support proxy injection into Gateway deployments."

It seems the gateway injection template is a "custom template", specifically configured for injecting the sidecar into gateway deployments.

The older ingress and egress deployments (v1.11.0 and earlier) didn't use sidecar injection by default (injectionTemplate: ""), but it seems the newest ingress gateway deployments are injecting the sidecar using the gateway template by default: https://artifacthub.io/packages/helm/istio-official/gateway

Istio recommends enabling Auto-injection for gateway deployments. From https://istio.io/v1.12/docs/setup/additional-setup/gateway/#deploying-a-gateway:

"Using auto-injection for gateway deployments is recommended as it gives developers full control over the gateway deployment, while also simplifying operations. When a new upgrade is available, or a configuration has changed, gateway pods can be updated by simply restarting them. This makes the experience of operating a gateway deployment the same as operating sidecars."

Only problem is, I haven't got it to work using the gateway template. My ingressgateway pod never spins up and I keep getting the following error in the deployment logs:

  - type: ReplicaFailure
      status: 'True'
      lastUpdateTime: '2022-03-17T12:19:55Z'
      lastTransitionTime: '2022-03-17T12:19:55Z'
      reason: FailedCreate
      message: >-
        admission webhook "namespace.sidecar-injector.istio.io" denied the
        request: failed to run injection template: could not parse configuration
        values: json: cannot unmarshal number into Go value of type string

Looks like it might be an upstream problem with how the gateway injection template is configured. I also don't know where to get a more detailed answer on what the difference is between the default sidecar template and the gateway template.

I am defaulting to the older ingress deployment without sidecar injection until things become clearer.

-- James Lombard
Source: StackOverflow