Provisioning Istio certificates for Prometheus is done by injecting a sidecar, which will rotate SDS certificates and output them to a volume that can be shared with Prometheus, as described here: Istio / Prometheus
Pod-level annotations:
    spec:
      template:
        metadata:
          annotations:
            sidecar.istio.io/inject: "true"
            traffic.sidecar.istio.io/includeInboundPorts: "" # do not intercept any inbound ports
            traffic.sidecar.istio.io/includeOutboundIPRanges: "" # do not intercept any outbound traffic
            proxy.istio.io/config: | # configure an env variable `OUTPUT_CERTS` to write certificates to the given folder
              ....
The above works fine with Pods running in a strict-mTLS-enabled namespace.
But the istio-proxy added to the prometheus-server pod uses the image docker.io/istio/proxyv2:1.7.5.
Why is this the case? Is it hard-coded, or is there some other reason?
Adding the annotation below also does not work:
    sidecar.istio.io/proxyImage: docker.io/istio/proxyv2:1.8.2