Bug 1889916 - service mesh not injecting istio sidecar automatically when using OVN
Summary: service mesh not injecting istio sidecar automatically when using OVN
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Node
Version: 4.5
Hardware: x86_64
OS: Other
Target Milestone: ---
: 4.7.0
Assignee: Ryan Phillips
QA Contact: Sunil Choudhary
Depends On:
TreeView+ depends on / blocked
Reported: 2020-10-20 22:10 UTC by Oscar Alias
Modified: 2020-10-22 23:18 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-10-22 23:18:19 UTC
Target Upstream Version:

Attachments (Terms of Use)
must-gather of the istio component (2.22 MB, application/gzip)
2020-10-20 22:10 UTC, Oscar Alias
no flags Details

Description Oscar Alias 2020-10-20 22:10:25 UTC
Created attachment 1723040 [details]
must-gather of the istio component

Description of problem:
The istio-proxy sidecar is not being inserted automatically in the pods of a project that has been added to the Service Mesh Member Roll.

I am testing with the bookinfo app.

Version-Release number of selected component (if applicable):
OCP 4.5.7

How reproducible:
After adding a project to the default serviceMeshMemberRoll, and adding the proper annotation sidecar.istio.io/inject: true to the deployments, the resulting pods are not receiving the istio-sidecar. All of this when using OVN as the default CNI.

Steps to Reproduce:
1. Install OpenShift 4.5 using OVNKubernetes as the networkType.
2. Install Service Mesh.
3. Install the Bookinfo app (https://docs.openshift.com/container-platform/4.5/service_mesh/v1x/prepare-to-deploy-applications-ossm.html#ossm-tutorial-bookinfo-install_deploying-applications-ossm-v1x)
3. Resulting pods in the bookinfo project do not get the istio-sidecar pod injected.

Actual results:
$ oc get pods -n bookinfo

NAME                              READY   STATUS    RESTARTS   AGE
details-v1-85cfc44f77-qtkrg       1/1     Running   0          18m
productpage-v1-77f4cd7b99-fwv68   1/1     Running   0          18m
ratings-v1-7f645b6d9c-v292s       1/1     Running   0          18m
reviews-v1-6bb9b6b5cb-69mcl       1/1     Running   0          18m
reviews-v2-5c64497476-f6427       1/1     Running   0          18m
reviews-v3-66cc6db944-mbnn9       1/1     Running   0          18m

Expected results:
$ oc get pods -n bookinfo

NAME                              READY   STATUS    RESTARTS   AGE
details-v1-85cfc44f77-cqdfg       2/2     Running   0          35m
productpage-v1-77f4cd7b99-7zrs9   2/2     Running   0          35m
ratings-v1-7f645b6d9c-5hzs6       2/2     Running   0          35m
reviews-v1-6bb9b6b5cb-5977g       2/2     Running   0          35m
reviews-v2-5c64497476-47whc       2/2     Running   0          35m
reviews-v3-66cc6db944-nbg8p       2/2     Running   0          35m

Additional info:

The istio operator shows the following error messages:

default","error":"unsupported network type: OVNKubernetes","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/builddir/build/BUILD/OPERATOR/src/github.com/maistra/istio-operator/vendor/github.com/go-logr/zapr/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/builddir/build/BUILD/OPERATOR/src/github.com/maistra/istio-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:217\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1\n\t/builddir/build/BUILD/OPERATOR/src/github.com/maistra/istio-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:158\nk8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\t/builddir/build/BUILD/OPERATOR/src/github.com/maistra/istio-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/builddir/build/BUILD/OPERATOR/src/github.com/maistra/istio-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:134\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/builddir/build/BUILD/OPERATOR/src/github.com/maistra/istio-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:88"}

Comment 5 kconner 2020-10-22 23:13:30 UTC
Enhancement request has been raised, see the Service Mesh product JIRA https://issues.redhat.com/browse/OSSM-282 and the linked MAISTRA project JIRA https://issues.redhat.com/browse/MAISTRA-1946

Please note the operator will have a reconciliation error stating that this network provides is unsupported.

2020-10-16T17:08:55.354828385Z {"level":"error","ts":1602868135.3547785,"logger":"kubebuilder.controller","msg":"Reconciler error","controller":"servicemeshmemberroll-controller","request":"istio-system/default","error":"unsupported network type: OVNKubernetes"

Comment 6 Ryan Phillips 2020-10-22 23:18:19 UTC
Closing as NOTABUG since this is an enhancement.

Note You need to log in before you can comment on or make changes to this bug.