Sign inTry Free

Important

The SingleStore 9.1 release candidate (RC) gives you the opportunity to preview, evaluate, and provide feedback on new and upcoming features prior to their general availability. In the interim, SingleStore 9.0 is recommended for production workloads, which can later be upgraded to SingleStore 9.1.

Disable Service Mesh Sidecar Injection

On this page

When SingleStore runs in a Kubernetes cluster that uses a service mesh, sidecar proxy containers may be automatically injected into SingleStore pods. These sidecars can interfere with internal node-to-node communication, health checks, and Operator reconciliation.

Disable sidecar injection for all SingleStore components.

Disable Sidecar Injection for the Operator

In the sdb-operator.yaml file, add the appropriate annotation to the pod template metadata. The following example uses Istio:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: sdb-operator
  labels:
    app.kubernetes.io/component: operator
spec:
  replicas: 1
  selector:
    matchLabels:
      name: sdb-operator
  template:
    metadata:
      annotations:
        sidecar.istio.io/inject: "false"
      labels:
        name: sdb-operator
    spec:
      serviceAccountName: sdb-operator
      containers:
        - name: sdb-operator
          image: operator_image_tag
          ...

Disable Sidecar Injection for SingleStore Pods

In the sdb-cluster.yaml file, add the annotation under objectMetaOverrides for each node specification. Apply the annotation to the Master Aggregator, child aggregators, and leaves.

spec:
  objectOverrides:
    all:
      annotations:
        sidecar.istio.io/inject: "false"
  
  masterAggregatorSpec:
    count: 1
    cores: 4
    coresLimit: 4
    storageGB: 256
    storageClass: standard

  childAggregatorSpec:
    count: 1
    cores: 4
    coresLimit: 4
    storageGB: 256
    storageClass: standard

  leafSpec:
    count: 2
    cores: 8
    coresLimit: 8
    storageGB: 1024
    storageClass: standard

Service Mesh Annotations

The annotation used to disable sidecar injection depends on the service mesh:

Service Mesh

AnnotationAnnotation

Istio

sidecar.istio.io/inject: "false"

Linkerd

linkerd.io/inject: disabled

Consul Connect

consul.hashicorp.com/connect-inject: "false"

Last modified:

Was this article helpful?

On this page

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK

Try Out This Notebook to See What’s Possible in SingleStore

Get access to other groundbreaking datasets and engage with our community for expert advice.

Sign UpLog In