Using Azure Container Registry to host istio images

We’re trying to use istio, but we have a requirement to use a Docker repo hosted on Azure instead of the images on docker.io.

I used istioctl manifest generate to create the manifest and modified the generated yaml replacing docker.io with the host of our private ACR. I also modified the yaml adding imagePullSecrets to the ingress-gateway and istiod Deployments. I also replaced the json for the config of imagePullSecrets with

 "imagePullSecrets": [
   "name": "REPLACE_WITH_CREDS" 
 ],

Istio seems to install OK. istiod and ingress-gateway are both running using images hosted on our instance of ACR. But whenever a sidecar needs to be created for a stateful set, I get the following error when describing the pod:

  Type     Reason        Age                  From                    Message
  ----     ------        ----                 ----                    -------
  Warning  FailedCreate  79s (x16 over 4m3s)  statefulset-controller  create Pod helper-0 in StatefulSet helper failed error: admission webhook "sidecar-injector.istio.io" denied the request: failed to run injection template: could not parse configuration values: json: cannot unmarshal object into Go value of type string

I saw this error until I ran kubectl edit -n istio-system cm istio-sidecar-injector and reverted the values for hub and imagePullSecrets to the original values.

This is what the config looked like before reverting:

"hub": "privaterepo.azurecr.io/istio",
"imagePullPolicy": "",
"imagePullSecrets": [
  {
    "name": "dockerCredsSecret"
  }
],

After reverting, the statefulset and its pod came up but using the copies from docker.io. Are there any tutorials I can follow to guide me through the process of using a Docker repo other than docker.io?

-Javier

Worked around this by switching to an istio operator install.

istioctl --kubeconfig=${KC} operator init --hub ${HUB_STRING} --imagePullSecrets ${CREDS}
kubectl --kubeconfig=${KC} apply -f - <<EOF
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: istiocontrolplane
spec:
  profile: default
  values:
    global:
      hub: ${HUB_STRING}
      imagePullSecrets:
       - ${CREDS}
EOF
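
The type mismatch behind the webhook error above, as an added example that is not part of the original posts or of Istio's code: it decodes the two imagePullSecrets shapes seen in the thread into a list of strings. The `injectorValues` struct and `checkValues` helper are hypothetical, simplified stand-ins, and the two JSON samples are constructed from the values quoted in the thread.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Simplified stand-in for the injector's typed values; only the two fields
// discussed in the thread are modelled (assumption, not Istio's real struct).
type injectorValues struct {
	Global struct {
		Hub              string   `json:"hub"`
		ImagePullSecrets []string `json:"imagePullSecrets"`
	} `json:"global"`
}

// Constructed samples: the object form from the edited ConfigMap and the
// plain-name form used in the IstioOperator spec.
const objectForm = `{"global":{"hub":"privaterepo.azurecr.io/istio","imagePullSecrets":[{"name":"dockerCredsSecret"}]}}`
const stringForm = `{"global":{"hub":"privaterepo.azurecr.io/istio","imagePullSecrets":["dockerCredsSecret"]}}`

// checkValues decodes a values document and reports a type mismatch the way a
// pre-apply check would, before the webhook rejects pod creation.
func checkValues(raw string) ([]string, error) {
	var v injectorValues
	if err := json.Unmarshal([]byte(raw), &v); err != nil {
		var te *json.UnmarshalTypeError
		if errors.As(err, &te) {
			// te.Value is the JSON kind found, te.Type the Go type expected.
			return nil, fmt.Errorf("%s: got JSON %s, want %s: %w", te.Field, te.Value, te.Type, err)
		}
		return nil, err
	}
	return v.Global.ImagePullSecrets, nil
}

func main() {
	for _, raw := range []string{objectForm, stringForm} {
		secrets, err := checkValues(raw)
		fmt.Printf("secrets=%v err=%v\n", secrets, err)
	}
}
```

The `{"name": ...}` object form is what a Pod spec's imagePullSecrets uses, which is why it is accepted on the Deployments but rejected here.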