bugfix: generate sidecar injection configmap install files from templ…

…ate (istio#2848)

* generate sidecar injection configmap install files from template

* another fix for release template

install/kubernetes/templates/istio-sidecar-injector-configmap-debug.yaml.tmpl

@@ -1,105 +1,107 @@
 kind: ConfigMap
 metadata:
   name: istio-inject
+  namespace: {ISTIO_NAMESPACE}
 apiVersion: v1
 data:
-  policy: enabled
-  template: |-
-    initContainers:
-    - name: istio-init
-      image: {PILOT_HUB}/proxy_init:{PILOT_TAG}
-      args:
-      - "-p"
-      - {{ .MeshConfig.ProxyListenPort }}
-      - "-u"
-      - 1337
-      imagePullPolicy: IfNotPresent
-      securityContext:
-        capabilities:
-          add:
-          - NET_ADMIN
-        privileged: true
-      restartPolicy: Always
-    - args:
-      - -c
-      - sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c
-        unlimited
-      command:
-      - /bin/sh
-      image: alpine
-      imagePullPolicy: IfNotPresent
-      name: enable-core-dump
-      resources: {}
-      securityContext:
-        privileged: true
-    containers:
-    - name: istio-proxy
-      image: {PILOT_HUB}/{PROXY_IMAGE}:{PILOT_TAG}
-      args:
-      - proxy
-      - sidecar
-      - --configPath
-      - {{ .ProxyConfig.ConfigPath }}
-      - --binaryPath
-      - {{ .ProxyConfig.BinaryPath }}
-      - --serviceCluster
-      {{ if ne "" (index .ObjectMeta.Labels "app") -}}
-      - {{ index .ObjectMeta.Labels "app" }}
-      {{ else -}}
-      - "istio-proxy"
-      {{ end -}}
-      - --drainDuration
-      - 2s
-      - --parentShutdownDuration
-      - 3s
-      - --discoveryAddress
-      - {{ .ProxyConfig.DiscoveryAddress }}
-      - --discoveryRefreshDelay
-      - 1s
-      - --zipkinAddress
-      - {{ .ProxyConfig.ZipkinAddress }}
-      - --connectTimeout
-      - 1s
-      - --statsdUdpAddress
-      - {{ .ProxyConfig.StatsdUdpAddress }}
-      - --proxyAdminPort
-      - {{ .ProxyConfig.ProxyAdminPort }}
-      - --controlPlaneAuthPolicy
-      - {{ .ProxyConfig.ControlPlaneAuthPolicy }}
-      env:
-      - name: POD_NAME
-        valueFrom:
-          fieldRef:
-            fieldPath: metadata.name
-      - name: POD_NAMESPACE
-        valueFrom:
-          fieldRef:
-            fieldPath: metadata.namespace
-      - name: INSTANCE_IP
-        valueFrom:
-          fieldRef:
-            fieldPath: status.podIP
-      imagePullPolicy: IfNotPresent
-      securityContext:
+  config: |
+    policy: enabled
+    template: |-
+      initContainers:
+      - name: istio-init
+        image: {PILOT_HUB}/proxy_init:{PILOT_TAG}
+        args:
+        - "-p"
+        - {{ .MeshConfig.ProxyListenPort }}
+        - "-u"
+        - 1337
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
           privileged: true
-          readOnlyRootFilesystem: false
-          runAsUser: 1337
-      restartPolicy: Always
-      volumeMounts:
-      - mountPath: /etc/istio/proxy
-        name: istio-envoy
-      - mountPath: /etc/certs/
-        name: istio-certs
-        readOnly: true
-    volumes:
-    - emptyDir:
-        medium: Memory
-      name: istio-envoy
-    - name: istio-certs
-      secret:
-        optional: true
-        {{ if eq .Spec.ServiceAccountName "" -}}
-        secretName: istio.default
+        restartPolicy: Always
+      - args:
+        - -c
+        - sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c
+          unlimited
+        command:
+        - /bin/sh
+        image: alpine
+        imagePullPolicy: IfNotPresent
+        name: enable-core-dump
+        resources: {}
+        securityContext:
+          privileged: true
+      containers:
+      - name: istio-proxy
+        image: {PILOT_HUB}/{PROXY_IMAGE}:{PILOT_TAG}
+        args:
+        - proxy
+        - sidecar
+        - --configPath
+        - {{ .ProxyConfig.ConfigPath }}
+        - --binaryPath
+        - {{ .ProxyConfig.BinaryPath }}
+        - --serviceCluster
+        {{ if ne "" (index .ObjectMeta.Labels "app") -}}
+        - {{ index .ObjectMeta.Labels "app" }}
         {{ else -}}
-        secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }}
+        - "istio-proxy"
         {{ end -}}
+        - --drainDuration
+        - 2s
+        - --parentShutdownDuration
+        - 3s
+        - --discoveryAddress
+        - {{ .ProxyConfig.DiscoveryAddress }}
+        - --discoveryRefreshDelay
+        - 1s
+        - --zipkinAddress
+        - {{ .ProxyConfig.ZipkinAddress }}
+        - --connectTimeout
+        - 1s
+        - --statsdUdpAddress
+        - {{ .ProxyConfig.StatsdUdpAddress }}
+        - --proxyAdminPort
+        - {{ .ProxyConfig.ProxyAdminPort }}
+        - --controlPlaneAuthPolicy
+        - {{ .ProxyConfig.ControlPlaneAuthPolicy }}
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: INSTANCE_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        imagePullPolicy: IfNotPresent
+        securityContext:
+            privileged: true
+            readOnlyRootFilesystem: false
+            runAsUser: 1337
+        restartPolicy: Always
+        volumeMounts:
+        - mountPath: /etc/istio/proxy
+          name: istio-envoy
+        - mountPath: /etc/certs/
+          name: istio-certs
+          readOnly: true
+      volumes:
+      - emptyDir:
+          medium: Memory
+        name: istio-envoy
+      - name: istio-certs
+        secret:
+          optional: true
+          {{ if eq .Spec.ServiceAccountName "" -}}
+          secretName: istio.default
+          {{ else -}}
+          secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }}
+          {{ end -}}