Open darkn3rd opened 1 year ago
One reason I have to do manual injection with nginx-mesh-ctl inject is because there's no mechanism to exclude outbound/inbound for auto-injection, such as adding an annotation in the deployment spec template for example.
See:
That is great. Is there a web hook to auto-inject the side car based on annotations? Or is this now using labels at pod or namespace level? I would like to (1) only do injection when annotation is specified and (2) a web hook would use the annotation at pod or namespace, (3) have an annotation that can ignore ports, so when the web hook adds the side car, it plugs in the appropriate values. For (2) I guess a label is fine, not sure what the standard practice is for this.
If auto-injection is enabled, can it be limited to only pods/namespaces that have the label (or annotation)?
Yes, if you take a look just above the Pod Annotation table that I linked above, you can see the injector.nsm.nginx.com/auto-inject label, which can be used on a Namespace or Pod to either enable or disable injection.
The recommended pattern here is to deploy the mesh with the --disable-auto-inject field set, and then enable the namespaces or pods that you want to have the sidecar using the label.
@darkn3rd Can you please let us know if the above recommendation resolves your error?
Ahhh.... With a more detailed reading of this ticket, it looks like there is more than one issue here. I'll create a bug and add the CRD issue to our backlog.
When using manual injection with nginx-meshctl inject, there will be an error
STEPS
EXPECT RESULT
There wouldn't be an error for CRDs that are used by NGINX Ingress Controller like VirtualServer
ACTUAL RESULT
NOTES/CONTEXT
I typically use helm template blah | nginx-meshctl inject or helmfile template | nginx-meshctl inject. These have a variety of resources created. With this limitation, I have to create multiple charts or helmfiles to segregate out the NGINX IC CRDs that cause errors.
NGINX tools should APIs created by NGINX.
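A possible workaround for the situation in NOTES/CONTEXT, as an added example that is not part of the original issue or NGINX's own tooling: split the rendered manifest stream by top-level kind, so only workload resources are piped to nginx-meshctl inject and CRD instances such as VirtualServer bypass it. The kind list, the function names and the sample manifests are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Assumption: these are the kinds worth handing to the injector; adjust as needed.
INJECT_KINDS="Deployment StatefulSet DaemonSet ReplicaSet Pod Job"

# split_manifests MODE
#   Reads a multi-document YAML stream on stdin.
#   MODE=inject prints documents whose top-level kind is in INJECT_KINDS.
#   MODE=skip   prints every other document (e.g. VirtualServer) unchanged.
# Only the first top-level "kind:" of each document is inspected, so wrapped
# resources (kind: List) land in the skip stream.
split_manifests() {
  awk -v mode="$1" -v kinds="$INJECT_KINDS" '
    BEGIN { n = split(kinds, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
    function emit() {
      if (doc != "") {
        hit = (kind in want)
        if ((mode == "inject" && hit) || (mode == "skip" && !hit))
          printf "---\n%s", doc
      }
      doc = ""; kind = ""
    }
    /^---[ \t]*$/              { emit(); next }   # document separator
    /^kind:[ \t]*/ && kind == "" { kind = $2 }    # first top-level kind wins
    { doc = doc $0 "\n" }
    END { emit() }
  '
}

# Constructed sample standing in for `helm template blah` output.
sample_manifests() {
  cat <<'EOF'
---
# constructed sample manifest
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: web-vs
EOF
}

# Usage sketch (not executed here, needs nginx-meshctl on PATH):
#   helm template blah > all.yaml
#   split_manifests inject < all.yaml | nginx-meshctl inject > injected.yaml
#   split_manifests skip   < all.yaml > passthrough.yaml
sample_manifests | split_manifests skip
```

Applying both output files keeps a single chart or helmfile while keeping the Ingress Controller CRD instances away from the injector.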