All Pods Have sidecars Injected
Description
An istio-proxy container must exist in all pods of a Service. Otherwise, this item is abnormal.
Rectification Guide
- Log in to the ASM console and select the mesh to which the service is added. In the navigation pane on the left, choose Mesh Configuration, click the Sidecar Management tab, and check whether a sidecar is injected into the namespace to which the service belongs.
- Inject a sidecar.
You can inject sidecars for pods of all workloads in the namespace. For details, see Injecting a Sidecar. You can also inject sidecars for a workload as follows:
- Label the namespace where the workload is located with istio-injection=enabled.
kubectl label ns <namespace> istio-injection=enabled
- Add the annotations field for the workload on the CCE console.
annotations: sidecar.istio.io/inject: 'true'
For more details about sidecar injection, see Installing the Sidecar.
- Label the namespace where the workload is located with istio-injection=enabled.
- If namespace injection is enabled for the cluster but no sidecar is injected into the pod, you need to manually restart the pod on the CCE console as follows:
On the CCE console, choose More > Redeploy in the Operation column of the target workload.
- Check whether the host network mode is configured for the workload as follows:
On the CCE console, choose More > Edit YAML in the Operation column of the target workload, and check whether spec.template.spec.hostNetwork: true is configured. If yes, check whether this field can be deleted or set to false. Otherwise, sidecars cannot be injected.
- Check whether the number of mesh pods exceeds the package quota.
As shown in Figure 1, if the total number of pods exceeds the mesh scale, the excess pods cannot be injected with sidecars.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
