local-path-provisioner
local-path-provisioner copied to clipboard
rancher
Not working in clusters with injected containers - like with Istio; Suggest adding to docs the fix
Hello, I tried using this in a cluster where I have Istio running - which is injecting a side container for every pod. Because of that, the POD status is always 'Running' and it never gets completed, even if the actual work of the script ('setup') is correctly done, and ends with timeouts.
I recommend adding the following information + fix to the documentation: There are 2 types of possible solutions: a) try to tell the system (Istio in my case) to NOT inject that container. It works if your setup script does not have to communicate with the outside world (the default, since it is just doing a mkdir) For istio, it is a matter of adding some annotations, so you will need to change the definition of the helper pod, to:
apiVersion: v1
kind: Pod
metadata:
name: helper-pod
# if we allow istio to be injected, then the status of the POD will always be 'Running'
# there are 2 workarounds:
# a) tell istio to not add it (ok if no communication is done in setup/teardown)
# see : https://github.com/istio/istio/issues/11045#issuecomment-455780604
# b) change command of helper pod to kill the istio injected container (it is having a /quitquitquit endpoint)
# see https://github.com/istio/istio/issues/6324#issuecomment-461328683
annotations:
sidecar.istio.io/inject: "false"
spec:
containers:
- name: helper-pod
image: alpine
Note: using 'alpine' instead of the default 'busybox' is just a particularity of my setup - I want to create btrfs subvolumes instead of simple directories
b) tell somehow, to the injected container, at the end of your setup command, to exit. Istio provides such an endpoint. Or you can kill the injected container. See thread at https://github.com/istio/istio/issues/6324
Regards.
