kubernetes-sidecar-injector icon indicating copy to clipboard operation
kubernetes-sidecar-injector copied to clipboard

Published 20 hours ago verified publisher icon Kong

Make sure that `Side Cars` are not injected into `kube-system` namespace

Open yskopets opened this issue 6 years ago • 0 comments

Summary

At the moment, it's a default behaviour to inject Side Cars into kube-system namespace.

It shouldn't be a default behaviour.

Additionally, notice that it's not possible to rely on kong-sidecar-injection=disabled label to be always present on kube-system namespace. For example, on GKE labels on kube-system namespace get removed on every Kubernetes upgrade.

Steps to reproduce

  1. Install kubernetes-sidecar-injector into Kubernetes cluster
  2. Delete any pod in kube-system namespace, e.g. coredns

kubernetes-sidecar-injector will try to inject Side Car into a newly created Pod

yskopets avatar Feb 21 '19 11:02 yskopets