Skip to content

Latest commit

 

History

History
78 lines (54 loc) · 2.3 KB

02.MD

File metadata and controls

78 lines (54 loc) · 2.3 KB

Task 02: Inject istio into single pod

Step 1: Switch to Correct Context

kubectl config use-context cluster3-admin@cluster3

Step 2: Check Current State

# Check if namespace has injection label
kubectl get namespace orange --show-labels

# Check existing pods
kubectl get pods -n orange

Step 3: Patch Existing Pod

kubectl get pod sidecar-pod -n orange -o yaml > /tmp/sidecar-pod.yaml 

# Inject sidecar using istioctl
kubectl get pod -n orange sidecar-pod -o yaml | istioctl kube-inject -f - | kubectl replace --force -f -

Step 4: Verify the Injection

# Check that the pod has 2 containers (app + istio-proxy)
kubectl get pod sidecar-pod -n orange

# Should show 2/2 READY
Example output:
 NAME          READY   STATUS    RESTARTS   AGE
 sidecar-pod   2/2     Running   0          30s

# Verify containers
kubectl get pod sidecar-pod -n orange -o jsonpath='{.spec.containers[*].name}'
# Should show: app istio-proxy

# Check annotations
kubectl get pod sidecar-pod -n orange -o jsonpath='{.metadata.annotations}'

# Verify only one pod has sidecar in the namespace
kubectl get pods -n orange -o custom-columns=NAME:.metadata.name,CONTAINERS:.spec.containers[*].name

Step 5: Ensure Namespace Is Not Modified

# Verify the namespace doesn't have injection label
kubectl get namespace orange -o jsonpath='{.metadata.labels}'

# The output should NOT contain: istio-injection=enabled
# If it does, remove it:
kubectl label namespace orange istio-injection-

Verification Commands

# Verify pod has exactly 2 containers
kubectl get pod sidecar-pod -n orange -o jsonpath='{.spec.containers[*].name}' | grep -q "istio-proxy" && echo "Sidecar injected" || echo "No sidecar"

# Verify annotation exists
kubectl get pod sidecar-pod -n orange -o jsonpath='{.metadata.annotations.sidecar\.istio\.io/inject}' | grep -q "true" && echo "Annotation correct" || echo "Missing annotation"

# Count pods with sidecars in orange namespace
kubectl get pods -n orange -o json | jq '[.items[] | select(.spec.containers | length > 1)] | length'
# Should output: 1

# Verify namespace label is not set
kubectl get namespace orange -o jsonpath='{.metadata.labels.istio-injection}' | grep -q "enabled" && echo "ERROR: Namespace labeled" || echo "OK: Namespace not labeled"