Istio Sidecar Issues with JNLP Agent and Confluence

Has anyone had any luck with deploying Istio sidecars with Jenkins JNLP Agent pods and/or Confluence webpage pod?

The JNLP Agent gets created by the Kubernetes plugin in Jenkins but can’t talk back to Jenkins, I’m assuming this is related to a headless deployment but couldn’t find much about this.

Confluence works when accessing the nodePort but when put behind the ingress gateway it returns an error that seems like a header issue, something like " is supposed to be a lower hex number" and that random string changes each time I refresh. I get the same error if I don’t use one of the example sidecar configs and list the two ports.

If you did get this working with the JNLP agent or Confluence I would really appreciate assistance or documentation I can dig into (other than google, I’ve almost memorized all the links by now).

I too have exactly the same issue…

Any ideas?

I also got hit by this one!

This was the fix that worked for us

1. Ensure the jenkins pod ‘has’ ISTIO sideloaded as normall

2. Add the annotation “traffic.sidecar.istio.io/excludeOutboundIPRanges” and specify the address of your jenkins master…

   Something like this…

   podTemplate(
            cloud: cloudDefinition,
            yaml: podDefinition,
            annotations: [
              podAnnotation(key: "traffic.sidecar.istio.io/excludeOutboundIPRanges", value: "jenkinsiprange/24")
        ])
   

Hope this helps

We found a slightly different fix:
https://jira.atlassian.com/browse/CONFSERVER-59477

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
…
headers:
#https://jira.atlassian.com/browse/CONFSERVER-59477
request:
remove:
- x-b3-sampled
add:
x-b3-sampled: ‘0’