Istio Sidecar Issues with JNLP Agent and Confluence

Has anyone had any luck with deploying Istio sidecars with Jenkins JNLP Agent pods and/or Confluence webpage pod?

The JNLP Agent gets created by the Kubernetes plugin in Jenkins but can’t talk back to Jenkins, I’m assuming this is related to a headless deployment but couldn’t find much about this.

Confluence works when accessing the nodePort but when put behind the ingress gateway it returns an error that seems like a header issue, something like " is supposed to be a lower hex number" and that random string changes each time I refresh. I get the same error if I don’t use one of the example sidecar configs and list the two ports.

If you did get this working with the JNLP agent or Confluence I would really appreciate assistance or documentation I can dig into (other than google, I’ve almost memorized all the links by now).

I too have exactly the same issue…

Any ideas?

I also got hit by this one!

This was the fix that worked for us

  1. Ensure the jenkins pod ‘has’ ISTIO sideloaded as normall

  2. Add the annotation “traffic.sidecar.istio.io/excludeOutboundIPRanges” and specify the address of your jenkins master…

    Something like this…

    podTemplate(
             cloud: cloudDefinition,
             yaml: podDefinition,
             annotations: [
               podAnnotation(key: "traffic.sidecar.istio.io/excludeOutboundIPRanges", value: "jenkinsiprange/24")
         ])
    

Hope this helps