How to disable Istio sidecar injection for the Kubernetes Job?
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: pod-restart
spec:
concurrencyPolicy: Forbid
schedule: '0 8 * * *'
jobTemplate:
metadata:
annotations:
sidecar.istio.io/inject: "false"
spec:
backoffLimit: 2
activeDeadlineSeconds: 600
template:
spec:
serviceAccountName: pod-restart
restartPolicy: Never
containers:
- name: kubectl
image: bitnami/kubectl
command: ['kubectl', 'rollout', 'restart', 'deployment/myapp']
Sidecar still gets injected.
The annotation is in wrong place. You have to put it on the pod template.
apiVersion: batch/v1beta1
kind: CronJob
metadata:
spec:
jobTemplate:
spec:
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
There is working CronJob example with istio injection disabled.
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: hello
spec:
schedule: "*/1 * * * *"
jobTemplate:
spec:
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
spec:
containers:
- name: hello
image: busybox
args:
- /bin/sh
- -c
- date; echo "Hello, World!"
restartPolicy: OnFailure
Also there is related github issue about that.