Move gitlab sidecar injection

Right now the sidecar inject is disabled on certain things because they prevent gitlab from starting up. When native sidecars are on, they can and should use sidecars.

• remove the changes to sidecar inject that were create here
• revert the values.yaml changes for sidecar inject that were changed here

added to epic &337

marked this issue as blocked by #2048 (closed)

changed epic to &333

changed epic to &337

set weight to 1

added epicblocked kindfeature priority6 teamDevelopment & Ops labels

added gitlab label

changed the description

marked big-bang/product/packages/gitlab#258 (closed) as a duplicate of this issue

mentioned in issue big-bang/product/packages/gitlab#258 (closed)

marked this issue as related to big-bang/product/packages/gitlab#258 (closed)

see here for help with release notes and temporary solutions for enabling istio hardening

This requires an upgrade to K8s 1.29 (or 1.28 with the feature gate enabled) for native sidecars. This gets rid of the istioproxy container and instead builds it into the existing container. This allows jobs to exit gracefully (rather than staying alive forever because istioproxy won't exit), and allows init containers to run because envoy is built into each of them rather than coming up after init containers would run. This requires .Values.istio.values.pilot.env contains {"ENABLE_NATIVE_SIDECARS": true}, so if you are currently passing values there, make sure to add this to them. When upgrading, if desired, you can, but don't have to, force the switch to init containers immediately by restarting all of your istio-supporting pods, e.g.

for ns in $(kubectl get ns -l app.kubernetes.io/part-of=bigbang,istio-injection=enabled --no-headers -o custom-columns=":metadata.name"); do
  kubectl rollout restart deployment -n $ns
  kubectl rollout restart statefulset -n $ns
  kubectl rollout restart daemonset -n $ns
done

If you don't do this immediately, they will switch to init containers on their next restart, but this should be backwards compatible with the istioproxy sidecar containers.

also make sure to add a note about having the charts requiring a kubeversion and to have those charts require a kubeversion (istio-controlplane and BB >=1.28.0-0).

removed epicblocked label

assigned to @andrewshoell

changed milestone to %2.32.0

changed iteration to Big Bang Iterations Jul 9, 2024 - Jul 22, 2024

added statusdoing label

changed the description

mentioned in merge request big-bang/product/packages/gitlab!303 (merged)

mentioned in merge request !4760 (closed)

mentioned in merge request !4768 (merged)

marked the checklist item remove the changes to sidecar inject that were create here as completed

marked the checklist item revert the values.yaml changes for sidecar inject that were changed here as completed

added statusreview label and removed statusdoing label

closed with merge request !4768 (merged)

mentioned in commit a0e63aff

mentioned in issue #2250 (closed)

marked this issue as related to #2250 (closed)