Describe the bug
When viewing environment variables for a pod that has sidecar containers injected via mutating webhook (e.g. Istio's istio-proxy), Headlamp displays "Container not found" for env vars that use resourceFieldRef referencing
the sidecar container.
For example, Istio injects env vars like:
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
containerName: istio-proxy
resource: limits.cpu
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
containerName: istio-proxy
resource: limits.memory Headlamp resolves resourceFieldRef by looking up the container in the pod spec from the API response. However, it appears to look at the deployment template spec rather than the running pod spec. Since sidecar
containers are injected at admission time by a mutating webhook, they exist in the running pod's spec.containers but not in the original deployment template.
Expected behavior
Headlamp should resolve resourceFieldRef using the container list from the actual Pod object (pod.spec.containers + pod.spec.initContainers), not from the Deployment template. This way, sidecar-injected containers
like istio-proxy would be found and their resource limits displayed correctly.
To Reproduce
- Deploy any workload in a namespace with Istio sidecar injection enabled
- Open the pod details in Headlamp
- Expand the environment variables section for the
istio-proxy container
- Observe "Container istio-proxy not found" messages for
GOMAXPROCS, GOMEMLIMIT, ISTIO_CPU_LIMIT env vars
Environment
- Headlamp Version: 0.41.0
- Installation: In-cluster (Helm chart)
- Kubernetes Version: 1.33
- Istio Version: 1.26 (sidecar injection via mutating webhook)
Would you like to fix this bug?
No
Additional context
This affects any sidecar injected via mutating admission webhook, not just Istio. The same issue would occur with Linkerd, Dapr, or any other service mesh / sidecar injector.
Introduced in v0.31.0 via PR #2728.
Describe the bug
When viewing environment variables for a pod that has sidecar containers injected via mutating webhook (e.g. Istio's
istio-proxy), Headlamp displays "Container not found" for env vars that useresourceFieldRefreferencingthe sidecar container.
For example, Istio injects env vars like:
Headlamp resolves
resourceFieldRefby looking up the container in the pod spec from the API response. However, it appears to look at the deployment template spec rather than the running pod spec. Since sidecarcontainers are injected at admission time by a mutating webhook, they exist in the running pod's
spec.containersbut not in the original deployment template.Expected behavior
Headlamp should resolve
resourceFieldRefusing the container list from the actual Pod object (pod.spec.containers+pod.spec.initContainers), not from the Deployment template. This way, sidecar-injected containerslike
istio-proxywould be found and their resource limits displayed correctly.To Reproduce
istio-proxycontainerGOMAXPROCS,GOMEMLIMIT,ISTIO_CPU_LIMITenv varsEnvironment
Would you like to fix this bug?
No
Additional context
This affects any sidecar injected via mutating admission webhook, not just Istio. The same issue would occur with Linkerd, Dapr, or any other service mesh / sidecar injector.
Introduced in v0.31.0 via PR #2728.