Check sidecar not right #602
Description
Currently we check whether a pod has sidecar injected based on below function in bypass controller
func checkSidecar(client kubernetes.Interface, pod *corev1.Pod) (bool, error) {
namespace, err := client.CoreV1().Namespaces().Get(context.TODO(), pod.Namespace, metav1.GetOptions{})
if err != nil {
return false, err
}
if value, ok := namespace.Labels["istio-injection"]; ok && value == "enabled" {
return true, nil
}
if _, ok := pod.Annotations[SidecarAnnotation]; ok {
return true, nil
}
return false, nil
}
Maybe it is also not right in cni, i havn't look into yet.
Because a namespace with istio-injection: enabled label doesnot mean a pod within it has a sidecar.