Is this a BUG REPORT or FEATURE REQUEST?:
Uncomment only one, leave it on its own line:
/kind bug
/kind feature
What happened:
In v1.10, 7c5f9e0 introduced the ability to not worry about admission control order because it's handled here
AlwaysPullImages is before MutatingAdmissionWebhook. When trying to use Istio sidecar injection, the pod fails to initialize stating
Error creating: pods "sleep-86f6b99f94-qxvq6" is forbidden: spec.initContainers[0].imagePullPolicy: Unsupported value: "IfNotPresent": supported values: "Always"
In v1.9, everything works as expected when placing AlwaysPullImages after MutatingAdmissionWebhook. If you put AlwaysPullImages before MutatingAdmissionWebhook, the same error above occurs.
What you expected to happen:
In v1.10, when AlwaysPullImages and MutatingAdmissionWebhook are turned on, sidecar injection like Istio should work.
How to reproduce it (as minimally and precisely as possible):
- In v1.10, enable
AlwaysPullImages and MutatingAdmissionWebhook admission controllers.
- Install latest Istio
- Enable sidecar injection
- Enabled istio injection on a namespace ie
kubectl label namespace default istio-injection=enabled
- Deploy anything in that namespace
- Run
kubectl describe rs [REPLICA_SET_NAME]. You should see error events similar to Error creating: pods "sleep-86f6b99f94-qxvq6" is forbidden: spec.initContainers[0].imagePullPolicy: Unsupported value: "IfNotPresent": supported values: "Always"
- Turning off
AlwaysPullImages seems to fix Istio
Anything else we need to know?:
Environment:
- Kubernetes version (use
kubectl version): v1.10.3
- Cloud provider or hardware configuration: acs-engine
- OS (e.g. from /etc/os-release):
- Kernel (e.g.
uname -a):
- Install tools:
- Others:
Is this a BUG REPORT or FEATURE REQUEST?:
/kind bug
What happened:
In v1.10, 7c5f9e0 introduced the ability to not worry about admission control order because it's handled here
AlwaysPullImagesis beforeMutatingAdmissionWebhook. When trying to use Istio sidecar injection, the pod fails to initialize statingError creating: pods "sleep-86f6b99f94-qxvq6" is forbidden: spec.initContainers[0].imagePullPolicy: Unsupported value: "IfNotPresent": supported values: "Always"In v1.9, everything works as expected when placing
AlwaysPullImagesafterMutatingAdmissionWebhook. If you putAlwaysPullImagesbeforeMutatingAdmissionWebhook, the same error above occurs.What you expected to happen:
In v1.10, when
AlwaysPullImagesandMutatingAdmissionWebhookare turned on, sidecar injection like Istio should work.How to reproduce it (as minimally and precisely as possible):
AlwaysPullImagesandMutatingAdmissionWebhookadmission controllers.kubectl label namespace default istio-injection=enabledkubectl describe rs [REPLICA_SET_NAME]. You should see error events similar toError creating: pods "sleep-86f6b99f94-qxvq6" is forbidden: spec.initContainers[0].imagePullPolicy: Unsupported value: "IfNotPresent": supported values: "Always"AlwaysPullImagesseems to fix IstioAnything else we need to know?:
Environment:
kubectl version): v1.10.3uname -a):