Bug 1889916

Summary: service mesh not injecting istio sidecar automatically when using OVN
Product: OpenShift Container Platform Reporter: Oscar Alias <oaliasbo>
Component: NodeAssignee: Ryan Phillips <rphillips>
Status: CLOSED NOTABUG QA Contact: Sunil Choudhary <schoudha>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.5CC: aos-bugs, dwalsh, jokerman, kconner, nagrawal, pehunt, tsweeney, william.caban
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: x86_64   
OS: Other   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-22 23:18:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
must-gather of the istio component none

Description Oscar Alias 2020-10-20 22:10:25 UTC 
Created attachment 1723040 [details]
must-gather of the istio component

Description of problem:
The istio-proxy sidecar is not being inserted automatically in the pods of a project that has been added to the Service Mesh Member Roll.

I am testing with the bookinfo app.


Version-Release number of selected component (if applicable):
OCP 4.5.7
servicemeshoperator.v1.1.10

How reproducible:
After adding a project to the default serviceMeshMemberRoll, and adding the proper annotation sidecar.istio.io/inject: true to the deployments, the resulting pods are not receiving the istio-sidecar. All of this when using OVN as the default CNI.


Steps to Reproduce:
1. Install OpenShift 4.5 using OVNKubernetes as the networkType.
2. Install Service Mesh.
3. Install the Bookinfo app (https://docs.openshift.com/container-platform/4.5/service_mesh/v1x/prepare-to-deploy-applications-ossm.html#ossm-tutorial-bookinfo-install_deploying-applications-ossm-v1x)
3. Resulting pods in the bookinfo project do not get the istio-sidecar pod injected.


Actual results:
-------
$ oc get pods -n bookinfo

NAME                              READY   STATUS    RESTARTS   AGE
details-v1-85cfc44f77-qtkrg       1/1     Running   0          18m
productpage-v1-77f4cd7b99-fwv68   1/1     Running   0          18m
ratings-v1-7f645b6d9c-v292s       1/1     Running   0          18m
reviews-v1-6bb9b6b5cb-69mcl       1/1     Running   0          18m
reviews-v2-5c64497476-f6427       1/1     Running   0          18m
reviews-v3-66cc6db944-mbnn9       1/1     Running   0          18m
-------


Expected results:
-------
$ oc get pods -n bookinfo

NAME                              READY   STATUS    RESTARTS   AGE
details-v1-85cfc44f77-cqdfg       2/2     Running   0          35m
productpage-v1-77f4cd7b99-7zrs9   2/2     Running   0          35m
ratings-v1-7f645b6d9c-5hzs6       2/2     Running   0          35m
reviews-v1-6bb9b6b5cb-5977g       2/2     Running   0          35m
reviews-v2-5c64497476-47whc       2/2     Running   0          35m
reviews-v3-66cc6db944-nbg8p       2/2     Running   0          35m
-------


Additional info:

The istio operator shows the following error messages:

-------
default","error":"unsupported network type: OVNKubernetes","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/builddir/build/BUILD/OPERATOR/src/github.com/maistra/istio-operator/vendor/github.com/go-logr/zapr/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/builddir/build/BUILD/OPERATOR/src/github.com/maistra/istio-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:217\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1\n\t/builddir/build/BUILD/OPERATOR/src/github.com/maistra/istio-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:158\nk8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\t/builddir/build/BUILD/OPERATOR/src/github.com/maistra/istio-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/builddir/build/BUILD/OPERATOR/src/github.com/maistra/istio-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:134\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/builddir/build/BUILD/OPERATOR/src/github.com/maistra/istio-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:88"}
------
Comment 5 kconner 2020-10-22 23:13:30 UTC 
Enhancement request has been raised, see the Service Mesh product JIRA https://issues.redhat.com/browse/OSSM-282 and the linked MAISTRA project JIRA https://issues.redhat.com/browse/MAISTRA-1946

Please note the operator will have a reconciliation error stating that this network provides is unsupported.

2020-10-16T17:08:55.354828385Z {"level":"error","ts":1602868135.3547785,"logger":"kubebuilder.controller","msg":"Reconciler error","controller":"servicemeshmemberroll-controller","request":"istio-system/default","error":"unsupported network type: OVNKubernetes"
Comment 6 Ryan Phillips 2020-10-22 23:18:19 UTC 
Closing as NOTABUG since this is an enhancement.