Service "istio-sidecar-injector" not found

LobsterMan · March 30, 2020, 10:59am

Hi,

I’m new to Istio in general, recently I took over a kubeflow project using istio on EKS.

I recently moved the istio deployments to a newly created node group (using NodeSelector in the deployment) to help protect it from being autoscaled. And now I’m having this weird problem.

At first, istio-ingressgateway had 0/1 pods, and investigation showed that it was happening because of the following error:
$ kubectl describe deploy istio-ingressgateway -n istio-system

  Type     Reason        Age                  From                   Message
  ----     ------        ----                 ----                   -------
  Warning  FailedCreate  14m (x115 over 26h)  replicaset-controller  Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio.svc:443/inject?timeout=30s: service "istio-sidecar-injector" not found

But when I run
$ kubectl get service istio-sidecar-injector -n istio-system
I get

NAME                     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
istio-sidecar-injector   ClusterIP   10.100.85.254   <none>        443/TCP   66d

So the service appears to be there. I tried backing up, deleting and restoring the istio-sidecar-injector deployment, and now also istio-sidecar-injector fails with the same error.

Any idea what can be causing this?

Thanks in advance

howardjohn · March 30, 2020, 2:48pm

The inrgess gateway should not be getting auto injected. I suggest inspecting the configuration of the webhook (kubectl get mutatingwebhookconfigurations.admissionregistration.k8s.io -oyaml) to determine how it is configured. Likely this mean istio-system is label istio-injection=enabled maybe?

LobsterMan · March 30, 2020, 3:33pm

Thank you @howardjohn That was the issue! I have no idea how that label go there, but the services are running now.

But I can’t seem to connect to my cluster (kubeflow on port 80) and when I run get ingress i see it does not have an address.

$  kubectl get ingress -n istio-system
NAME            HOSTS   ADDRESS   PORTS   AGE
istio-ingress   *                 80      67d

palani_samy · April 19, 2021, 11:13am

Hi i am also running with same issue now, but i am not able to find thee value istio-injection=enabled inside istio-sidecar-injector when i am doing json format

kubectl -n istio-system get configmap istio-sidecar-injector -o=jsonpath=’{.data.config}’

could you please help me

Topic		Replies	Views
Calling webhook "sidecar-injector.istio.io" failed. Post failed with i/o timeout	11	15842	October 23, 2020
Failed calling webhook “namespace.sidecar-injector.istio.io” Networking	0	2544	September 1, 2021
Istio sidecar manual injection failed Config	2	585	December 24, 2020
Automatic sidecar injection doesn't work, calling admission webhook "sidecar-injector.istio.io" timeout Config	1	2503	August 24, 2019
Internal error occurred: failed calling admission webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: no endpoints available for service "istio-sidecar-injector Networking	0	664	September 20, 2019

Service "istio-sidecar-injector" not found

Related topics