Installing CNI - update sidecar config

tiswanso · April 3, 2019, 3:35pm

Hi Sourabh,

To make sure I understand, you want to modify an existing Istio install’s istio-sidecar-injector configmap to enable Istio CNI, right? If that’s the case, what needs to be done is to edit the template and remove the istio-init entry in the initContainers section. That will allow you to use auto-sidecar injection OR istioctl as shown in the Istio CNI install guide.

You can see a detailed example of what the istio_cni.enabled=true helm setting does via:

~/tmp/istio/istio-1.1.1 helm template install/kubernetes/helm/istio --name istio --namespace istio-system \
  --set istio_cni.enabled=true > ~/tmp/istio_instalL_cni.yaml

~/tmp/istio/istio-1.1.1 helm template install/kubernetes/helm/istio --name istio --namespace istio-system > ~/tmp/istio_instalL_nocni.yaml

~/tmp/istio/istio-1.1.1 diff ~/tmp/istio_instalL_cni.yaml ~/tmp/istio_instalL_nocni.yaml
658a659,695
>       initContainers:
>       [[ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) "NONE" ]]
>       - name: istio-init
>         image: "docker.io/istio/proxy_init:1.1.1"
>         args:
>         - "-p"
>         - [[ .MeshConfig.ProxyListenPort ]]
>         - "-u"
>         - 1337
>         - "-m"
>         - [[ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode ]]
>         - "-i"
>         - "[[ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges`  "*"  ]]"
>         - "-x"
>         - "[[ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges`  ""  ]]"
>         - "-b"
>         - "[[ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) ]]"
>         - "-d"
>         - "[[ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port`  15020 ) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts`  "" ) ]]"
>         [[ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -]]
>         - "-k"
>         - "[[ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` ]]"
>         [[ end -]]
>         imagePullPolicy: IfNotPresent
>         resources:
>           requests:
>             cpu: 10m
>             memory: 10Mi
>           limits:
>             cpu: 100m
>             memory: 50Mi
>         securityContext:
>           capabilities:
>             add:
>             - NET_ADMIN
>         restartPolicy: Always
>       [[ end -]]

Hope this helps!
–Tim

Topic		Replies	Views
Istio CNI integration with Istio 1.0.x	2	805	April 4, 2019
Install istio-cni via helm Networking	2	454	May 19, 2023
Istio CNI with microk8s Networking	4	976	February 16, 2022
How to deploy istio with CNI using helm	0	267	February 8, 2023
Istio-cni "istio-iptables.sh: No such file or directory" Networking	1	970	June 23, 2020

Installing CNI - update sidecar config

Related Topics