POD not getting sidecar even though injection is requested

What's going on?

PODs are not getting sidecars, even though the injection is requested. Funnily I got it to work once on a training cluster, and then I deleted the cluster and I can't get it to work again.

Expected Behavior

PODs should get created with sidecar.


I just went through the documentation step by step, and I can't identify what I'm doing wrong, or what I did differently that one time I got it to work.

Here are some logs for when the debian-debug POD gets deployed, but no sidecar. - - [23/Mar/2022:15:16:18 +0000] "GET /health HTTP/2.0" 200 12 "" "kube-probe/1.21"
I0323 15:16:21.450826       1 webhook.go:510] AdmissionReview for Kind=/v1, Kind=Pod, Namespace=default Name= () UID=37184454-a6e7-4f35-be04-8eeaedf85265 patchOperation=CREATE UserInfo={system:serviceaccount:kube-system:replicaset-controller 4b17f21d-590c-4d37-acf2-5096af5e70cd [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]}
I0323 15:16:21.450862       1 webhook.go:174] Pod / annotation requesting sidecar config test1:latest
I0323 15:16:21.450961       1 webhook.go:548] AdmissionResponse: patch=[{"op":"add","path":"/spec/containers/0/env","value":[{"name":"HELLO","value":"world"}]},{"op":"add","path":"/spec/containers/0/env/-","value":{"name":"TEST","value":"test_that"}},{"op":"add","path":"/spec/containers/0/volumeMounts/-","value":{"name":"test-vol","mountPath":"/tmp/test"}},{"op":"add","path":"/spec/containers/-","value":{"name":"sidecar-nginx","image":"nginx:1.12.2","ports":[{"containerPort":80}],"env":[{"name":"ENV_IN_SIDECAR","value":"test-in-sidecar"},{"name":"HELLO","value":"world"},{"name":"TEST","value":"test_that"}],"resources":{},"volumeMounts":[{"name":"test-vol","mountPath":"/tmp/test"}],"imagePullPolicy":"IfNotPresent"}},{"op":"add","path":"/spec/volumes/-","value":{"name":"test-vol","configMap":{"name":"test-config"}}},{"op":"add","path":"/metadata/annotations/","value":"injected"}]
I0323 15:16:21.451004       1 webhook.go:626] Ready to write reponse ... - - [23/Mar/2022:15:16:21 +0000] "POST /mutate?timeout=10s HTTP/1.1" 200 1237 "" "kube-apiserver-admission" - - [23/Mar/2022:15:16:28 +0000] "GET /health HTTP/2.0" 200 12 "" "kube-probe/1.21"

Here's the debian-debug POD with no sidecar.

$ kubectl get po | grep debian
debian-debug                                             1/1     Running   0          55m

Version Deets

  • Kubernetes Version:
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"21+", GitVersion:"v1.21.9-dispatcher", GitCommit:"2a8027f41d28b788b001389f3091c245cd0a9a60", GitTreeState:"clean", BuildDate:"2022-01-21T20:31:13Z", GoVersion:"go1.16.12", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.9-gke.1002", GitCommit:"f87f9d952767b966e72a4bd75afea25dea187bbf", GitTreeState:"clean", BuildDate:"2022-02-25T18:12:32Z", GoVersion:"go1.16.12b7", Compiler:"gc", Platform:"linux/amd64"}
  • k8s-sidecar-injector Version: latest (as of March 23rd 2022)

Feature request: inject container at the top of the list of containers

Given that the sidecar containers KEP seem to be a ways off, I would love to take advantage of this workaround for delaying application startup until sidecar containers are ready by injecting sidecars at the top of the list of containers, rather than at the bottom, and using a post-startup lifecycle hook to check that the sidecar has started up.

At the moment containers are appended to the bottom of the pod's containers. To take advantage of the workaround with this sidecar injector it would need to be possible to prepend to the top of the list.

I'm not sure what the best way to implement this would be. This may be one of a few, if not the only, cases where the order of containers in the list makes any appreciable difference to the functionality of the pod, so it could be acceptable to simply switch the logic to append at the top of the containers, rather than the bottom.

Or, perhaps a separate field? A separate list of containers like containersPrepend: []?

ConfigMap Watcher got nil Event

What's going on?

Injector deployment crash frequently. I got crash log:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0xef548b]

goroutine 35 [running]:*K8sConfigMapWatcher).Watch(0xc0002cca00, 0x12d1f60, 0xc0002d8600, 0xc000300600, 0x0, 0x0)
	/src/internal/pkg/config/watcher/watcher.go:109 +0x36b
main.main.func1.1(0xc0002cca00, 0x12d1f60, 0xc0002d8600, 0xc000300600)
	/src/cmd/main.go:114 +0x77
created by main.main.func1
	/src/cmd/main.go:111 +0xd7

I think it just because watcher got a Event with a nil Object and try to use it. I find this bug is caused by kubernetes/client-go#334

Expected Behavior


can reproduce with any valid sidecar configurations, just wait a few minutes

Version Deets

  • Kubernetes Version: v1.13.3
  • k8s-sidecar-injector Version: release-v0.1.6

cofigmaps have the same name

What's going on?

Hi, I've been testing sidecar-injector and just wonder how to identify configmaps with the same name?

Expected Behavior

In my opinion, it should have injected the latest one, but it didn't.

Version Deets

  • Kubernetes Version:
    Client Version: version.Info{Major:"1", Minor:"22", GitVersion:"v1.22.11", GitCommit:"5824e3251d294d324320db85bf63a53eb0767af2", GitTreeState:"clean", BuildDate:"2022-06-16T05:39:23Z", GoVersion:"go1.16.15", Compiler:"gc", Platform:"linux/amd64"}

Server Version: version.Info{Major:"1", Minor:"22", GitVersion:"v1.22.11", GitCommit:"5824e3251d294d324320db85bf63a53eb0767af2", GitTreeState:"clean", BuildDate:"2022-06-16T05:33:55Z", GoVersion:"go1.16.15", Compiler:"gc", Platform:"linux/amd64"}

  • k8s-sidecar-injector Version: latest

serviceMonitor error

i create injector with the document /docs/ step by setp and everything is ok except operation:kubectl create -f service-monitor.yaml.
is anything forget?

error: unable to recognize "service-monitor.yaml": no matches for kind "ServiceMonitor" in version ""

ServiceAccount Token missing in sidecar

I'm trying to inject a sidecar, using which I want to create some CRDs. I need the sidecar to come up "in-cluster". However, I don't see a service account token getting mapped in the injected sidecar.

I'm using the configmap provided in the docs folder. With these lines added:

test1: |
name: test1
- name: HELLO
value: world
- name: TEST
value: test_that
- name: test-vol
mountPath: /tmp/test
- name: test-vol
name: test-config
serviceAccount: k8s-sidecar-injector
serviceAccountName: k8s-sidecar-injector
automountServiceAccountToken: true

I have cherry picked the serviceAccount related PRs.

A brief description of your problem, here, please!

2019-10-18T14:34:30.401690495-07:00 stderr F I1018 21:34:30.401614       1 webhook.go:494] AdmissionResponse: patch=[{"op":"add","path":"/spec/containers/-","value":{"name":"sidecar-wiper","image":"d

Happens always. All the yamls are from the example in the docs folder.

Version Deets

  • Kubernetes Version: 1.15.3
  • k8s-sidecar-injector Top of tree

Question: Being able to inject in kube-system namespace

We would like to be able to inject sidecars inside kube-system namespace. Currently kube-system is hardcoded to be ignored:

I guess this serves as protection from borking your cluster, but the controller fails open, so at worst it would slow down Pods starting in kube-system.

Is this something you would be open to having as a flag with current defaults, to allow setting an empty list?

Am I missing something more critical why kube-system and kube-public are ignored?


Ignored namespaces aren't skipped for Deployment pods

What's going on?

The metadata of the CREATE request object doesn't always contain the namespace or the name of the pod. This seems to be the case when the pod is launched on behalf of a Deployment. It doesn't seem to be the case with StatefulSets or a bare Pod. I haven't tested Jobs or CronJobs or any other controllers.

The check for ignored namespaces uses metadata.namespace to perform the comparison, so pods in kube-system and kube-public aren't skipped for Deployment pods.

Additionally, some logging statements are missing the namespace and name:

I0925 13:20:51.062652       1 webhook.go:165] Pod / annotation is missing, skipping injection

Expected Behavior

List of ignored namespaces should be respected for all pod admission requests, regardless of the source.


This is the Deployment I've been using to test:

apiVersion: apps/v1
kind: Deployment
  name: test 
  namespace: kube-system
  replicas: 1
      app: test
      annotations: my-sidecar
        app: test
        - name: test
          image: alpine
            - ash
            - -c
            - |
              while true; do sleep 86400; done

Version Deets

  • Kubernetes Version: 1.18.5, 1.19.1
  • k8s-sidecar-injector Version: release-v0.5.0

Feature Request: Add ExecAction to config(map)

As a part of injection for sidecars I want to be able to call a preStop hook , so we can cleanup before exit.

ConfigMap Change.

imagePullPolicy: IfNotPresent
exec: ["/bin/bash", "-c", "/opt/bin/prestop"]

E1104 19:09:48.504599 1 main.go:132] error reconciling configmaps: error getting ConfigMaps from API: error parsing ConfigMap sidecar-test item test1 into injection config: e rror unmarshaling JSON: json: cannot unmarshal array into Go struct field Handler.exec of type v1.ExecAction

I guess we will have to add to InjectionConfig structure

Version Deets

  • Kubernetes Version: 1.15.3
  • k8s-sidecar-injector Version: Top of Tree.

Remove glog

What's going on?

glog is annoying to configure, confusing to look at, and poorly documented. Lets gut this and replace with a better logger. See #32

Expected Behavior

  1. glog is replaced by something less annoying to configure and use
  2. gorilla's CombinedLogger for HTTP middleware uses the same logger

serviceaccount in sidecar not inject into pod with another serviceaccount

What's going on?

config serviceaccount in sidecar want to inject into a pod with another serviceaccount

Expected Behavior

sidecar serviceaccount should inject successfullly in pod sidecar container
But pod container still mount old serviceaccount, serviceaccount in sidecar not inject into pod


sidecar config add seviceaccount

apiVersion: v1
  sidecar-telegraf-elasticsearch: |
    name: sidecar-telegraf-elasticsearch
    - name: telegraf
      imagePullPolicy: IfNotPresent
      - containerPort: 9126
        name: prometheus
      - name: telegraf
        mountPath: /etc/telegraf
    serviceAccountName: lma-sidecar
    - name: telegraf
        name: telegraf-elasticsearch

sidecar inject pod but not with lma-sidecar serviceaccount but with elasticsearch serviceaccount

  - image:
    imagePullPolicy: IfNotPresent
    name: telegraf
    - containerPort: 9126
      name: prometheus
      protocol: TCP
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    - mountPath: /etc/telegraf
      name: telegraf
    - mountPath: /var/run/secrets/
      name: elasticsearch-token-m5bs9
      readOnly: true

Version Deets

  • Kubernetes Version: v1.20.1
  • k8s-sidecar-injector Version: 0.5.0

Requesting multiple sidecar injections for pod

Hi, I've been testing your sidecar-injector and just wonder if there is a way to request more than one sidecar injection configurations?
Multiple annotation "" with request assigned to the different names won't raise an error but only the last injection will be applied.

Thanks for reply!

deployment LOG_LEVEL don't have effect

I install k8s-injector referencing examples/kubernetes/deployment.yaml, but no matter what value I config for LOG_LEVEL, the pod always output info level log and so many kube-probe logs like this: - - [15/Oct/2019:02:05:07 +0000] "POST /mutate?timeout=30s HTTP/2.0" 200 74 "" "kube-apiserver-admission"
I1015 02:05:07.968371 1 webhook.go:584] Ready to write reponse ... - - [15/Oct/2019:02:05:07 +0000] "POST /mutate?timeout=30s HTTP/2.0" 200 74 "" "kube-apiserver-admission" - - [15/Oct/2019:02:05:10 +0000] "GET /health HTTP/2.0" 200 12 "" "kube-probe/1.14" - - [15/Oct/2019:02:05:13 +0000] "GET /health HTTP/2.0" 200 12 "" "kube-probe/1.14" - - [15/Oct/2019:02:05:20 +0000] "GET /health HTTP/2.0" 200 12 "" "kube-probe/1.14" - - [15/Oct/2019:02:05:23 +0000] "GET /health HTTP/2.0" 200 12 "" "kube-probe/1.14"

sidercar-configmap namesapces must equal with k8s-sidecar-injector-prod namespace

i run injector with help of
yaml files is in project example directory.every thing is ok,then i run a diferent instances.
pod yaml file:

apiVersion: v1
kind: Pod
  name: debian-debug
  namespace: monitoring
  annotations: sidecar-telegraf-basic
  - image: debian:jessie
    command: ["/bin/sh"]
    args: ["-c", "while true; do echo hello; sleep 10; done"]
    imagePullPolicy: IfNotPresent
    name: debian-debug
        memory: "200M"
        cpu: "500m"
  restartPolicy: Never

sidecar config file:


k8s-sidecar-injector logs show " requested injection sidecar-telegraf-basic was not in configuration".


then i modify sidecar config file.modify namespaces which is equal with k8s-sidecar-injector's namespace.

and it works.

why??in my opinion,the target pods which namespace is monitoring, k8s-sidecar-injector should use sidecar config which namespace is monitirng.not kube-system.

how to config different configmap for different pod in one statefulset

I want to inject configmap of telegraf for rabbbitmq cluster, and rabbitmq run in one statefulset with three replicas. And the need of monitor is config rabbitmq node self for rabbitmq pod like this:
url = ""
username = "admin"
password = "QINtwo5P16SsCmPv"
header_timeout = "3s"
client_timeout = "4s"
nodes = ["rabbit@msg01"]
So how can I config for telegraf configmap of rabbitmq to achieve this need, when one pod of rabbitmq statefulset start, it config nodes with pod hostname for pod configmap thank you!

openshift copy runAsUser form main container

What's going on?

On openshift standard behavior is to run each pod with a certain uid. This uid is dependant of the namespace the pod is running in. Pods are automaticaly injected with the right Security context and runAsUser settings. This is done before the mutating webhook is called to inject the sidecar. The sidecar can not be configured with the right uid because this is namespace dependent and will not run if the setting is not correct.

Example of the security context info

            - KILL
            - MKNOD
            - SETGID
            - SETUID
        runAsUser: 1001550000

I have writen some code to add the runAsUser of container 0 to the injected containers.
Is it possible to open a pull request to integrate this feature

Status annotation ignores custom annotation namespace

What's going on?

Setting a custom annotation namespace -annotation-namespace does not effect the annotation.

The root cause seems quite clear from reading the source. The /status annotation is set in webhook.go#L462, using the config.InjectionStatusAnnotation package-level variable. This variable is hardcoded to use annotationNamespaceDefault, which is set to "". This pretty clearly explains why the user-specified configuration is ignored.

Interestingly, both /request and /status are properly formatted using AnnotationNamespace in (*WebhookServer).getSidecarConfigurationRequested. Seems like that configuration format just needs to be used in both places.

Expected Behavior

Setting should cause Pods with injected sidecars to have the annotation injected. Instead, we see injected. The annotation setting which sidecar configuration to use is


The injector is launched with the following arguments:

    - --v
    - "2"
    - --tls-cert-file
    - /var/lib/tls-cert/tls.crt
    - --tls-key-file
    - /var/lib/tls-cert/tls.key
    - --annotation-namespace
    - --configmap-labels

I'm going to omit sidecar configurations in particular, as the root cause seems quite obvious and the configurations are for internal tools. I can provide similar information if necessary.

Version Deets

  • Kubernetes Version: v1.13.8
  • k8s-sidecar-injector Version: v0.1.7

injected pod has no volume and hostPid property

hello ,i run k8s-sidecar-injector use yamls in example directory .then i modify debug-pod.yaml file:

and sidercar configmap:

then describe pod:

no volumounts hostnetwork and hostPid property. why?

sidecar injected though no configmap created, therefore init does not come up

K8S: 1.18
sidecar: 0.1.7

the side-car gets injected though the required configmap is not created, therefore the init does not come up. this only happens in one namespace. similar setup works in 2 other namespaces. some suggestions on which additional logs to enable and check? problem is still happening, so should be fairly easy to get more logs. thanks

MountVolume.SetUp failed for volume "vault-agent-init-config" : configmap "vault-agent-init-config" not found

sidecar-injector-6b9977dfdf-fwk75 sidecar-injector E0616 19:10:19.980139       1 main.go:118] watcher got error, try to restart watcher: watcher channel has closed
sidecar-injector-6b9977dfdf-fwk75 sidecar-injector I0616 19:10:19.980145       1 main.go:113] launching watcher for ConfigMaps
sidecar-injector-6b9977dfdf-fwk75 sidecar-injector - - [16/Jun/2021:19:10:22 +0000] "GET /health HTTP/2.0" 200 12 "" "kube-probe/1.18"
sidecar-injector-6b9977dfdf-fwk75 sidecar-injector I0616 19:10:22.982614       1 main.go:129] triggering ConfigMap reconciliation
sidecar-injector-6b9977dfdf-fwk75 sidecar-injector I0616 19:10:22.982640       1 watcher.go:151] Fetching ConfigMaps...
sidecar-injector-6b9977dfdf-fwk75 sidecar-injector I0616 19:10:23.028036       1 watcher.go:158] Fetched 1 ConfigMaps
sidecar-injector-6b9977dfdf-fwk75 sidecar-injector I0616 19:10:23.028520       1 watcher.go:179] Loaded InjectionConfig vault-auth from ConfigMap sidecar-injector-default:vault-auth
sidecar-injector-6b9977dfdf-fwk75 sidecar-injector I0616 19:10:23.028897       1 watcher.go:179] Loaded InjectionConfig vault-auth-init from ConfigMap sidecar-injector-default:vault-auth-init
sidecar-injector-6b9977dfdf-fwk75 sidecar-injector I0616 19:10:23.028909       1 watcher.go:164] Found 2 InjectionConfigs in sidecar-injector-default
sidecar-injector-6b9977dfdf-fwk75 sidecar-injector I0616 19:10:23.028914       1 main.go:135] got 2 updated InjectionConfigs from reconciliation
sidecar-injector-6b9977dfdf-fwk75 sidecar-injector I0616 19:10:23.028919       1 main.go:149] updating server with newly loaded configurations (3 loaded from disk, 2 loaded from k8s api)
sidecar-injector-6b9977dfdf-fwk75 sidecar-injector I0616 19:10:23.028925       1 main.go:151] configuration replaced
sidecar-injector-6b9977dfdf-hrmvt sidecar-injector I0616 19:15:08.600191       1 webhook.go:435] AdmissionReview for Kind=/v1, Kind=Pod, Namespace=external-god-connectedvehicle-services Name= () UID=b9f0adb9-96ea-4994-be36-d9cfe10e6cf5 patchOperation=CREATE UserInfo={system:serviceaccount:kube-system:job-controller 503d64d0-aa05-11e9-8bbd-0a71b5a65c66 [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]}
sidecar-injector-6b9977dfdf-hrmvt sidecar-injector I0616 19:15:08.600224       1 webhook.go:163] Pod / annotation requesting sidecar config vault-auth-init
sidecar-injector-6b9977dfdf-hrmvt sidecar-injector I0616 19:15:08.600316       1 webhook.go:473] AdmissionResponse: patch=[{"op":"add","path":"/spec/containers/0/volumeMounts","value":[{"name":"secrets","mountPath":"/etc/secrets"}]},{"op":"add","path":"/spec/containers/0/volumeMounts/-","value":{"name":"vault-token","mountPath":"/home/vault"}},{"op":"add","path":"/spec/initContainers","value":[{"name":"vault-agent-auth","image":"","args":["agent","-config=/etc/vault/vault-agent-init-config.hcl"],"env":[{"name":"SKIP_SETCAP","value":"true"}],"resources":{"limits":{"cpu":"150m","memory":"250Mi"},"requests":{"cpu":"50m","memory":"64Mi"}},"volumeMounts":[{"name":"vault-agent-init-config","mountPath":"/etc/vault"},{"name":"vault-auth","readOnly":true,"mountPath":"/var/run/secret"},{"name":"secrets","mountPath":"/etc/secrets"},{"name":"vault-token","mountPath":"/home/vault"}],"securityContext":{"privileged":false,"runAsUser":100,"runAsGroup":1000,"runAsNonRoot":true,"allowPrivilegeEscalation":false}}]},{"op":"add","path":"/spec/volumes","value":[{"name":"vault-auth","secret":{"secretName":"vault-sa-token","items":[{"key":"token","path":"token","mode":292}]}}]},{"op":"add","path":"/spec/volumes/-","value":{"name":"vault-token","emptyDir":{"medium":"Memory"}}},{"op":"add","path":"/spec/volumes/-","value":{"name":"vault-agent-init-config","configMap":{"name":"vault-agent-init-config"}}},{"op":"add","path":"/spec/volumes/-","value":{"name":"secrets","emptyDir":{"medium":"Memory"}}},{"op":"add","path":"/metadata/annotations/","value":"injected"}]
sidecar-injector-6b9977dfdf-hrmvt sidecar-injector I0616 19:15:08.600352       1 webhook.go:551] Ready to write reponse ...
sidecar-injector-6b9977dfdf-hrmvt sidecar-injector - - [16/Jun/2021:19:15:08 +0000] "POST /mutate?timeout=30s HTTP/1.1" 200 2145 "" "kube-apiserver-admission"

Add default request from namespace annotation

My use case is that I want to mount /etc/ssl/certs for each pod inside a namespace in order to use a custom CA easily. It would be great to take the requested annotation from the namespace (as a default annotation). For example:

apiVersion: v1
kind: Namespace
  name: test
    k8s-sidecar-injector/default-request: etc-ssl-certs   <--- Applies to every pod in the namespace
apiVersion: v1
kind: Pod
  name: demo-pod
  namespace: test
  annotations: {}  <--- No request but default-request is applied

I think the affected lines would be these:

requestedInjection, ok := annotations[requestAnnotationKey]
if !ok {
glog.Infof("Pod %s/%s annotation %s is missing, skipping injection", metadata.Namespace, metadata.Name, requestAnnotationKey)
return "", ErrMissingRequestAnnotation

sidecar container inject failed on kubernetes 1.14.3

I use k8s-sidecar-injector 0.1.8 before on kubernetes 1.14.3 and found sidecar container inject suceessfully like below:

I0521 03:55:42.351044       1 webhook.go:480] AdmissionResponse: patch=[{"op":"add","path":"/spec/containers/-","value":{"name":"exporter","image":"","args":["--consul.server=localhost:8500","--log.level=warn"],"ports":[{"name":"metric","containerPort":9107}],"resources":{},"livenessProbe":{"tcpSocket":{"port":"metric"},"initialDelaySeconds":60,"timeoutSeconds":10,"periodSeconds":60},"readinessProbe":{"tcpSocket":{"port":"metric"},"initialDelaySeconds":60,"timeoutSeconds":10,"periodSeconds":60},"imagePullPolicy":"IfNotPresent"}},{"op":"add","path":"/metadata/annotations/","value":"injected"}]

But when I upgrade k8s-sidecar-injector to 0.4.0 and found sidecar container inject failed like below:

I0521 06:20:35.624586       1 webhook.go:468] AdmissionReview for Kind=/v1, Kind=Pod, Namespace=monitoring Name= (consul-0) UID=2e9e0283-9b2b-11ea-9df2-5254009197f9 patchOperation=CREATE UserInfo={system:serviceaccount:kube-system:statefulset-controller c7bb22c8-6cef-11ea-9df2-5254009197f9 [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]}
I0521 06:20:35.624673       1 webhook.go:165] Pod monitoring/consul-0 annotation is missing, skipping injection
I0521 06:20:35.624688       1 webhook.go:474] Skipping mutation of monitoring/consul-0: Missing injection request annotation
I0521 06:20:35.624733       1 webhook.go:584] Ready to write reponse ...

The config of sidecar container is like below and not be modified after k8s-sidecar-injector upgrade

apiVersion: v1
kind: ConfigMap
  name: sidecar-exporter-consul
    app: k8s-sidecar-injector
  sidecar-exporter-consul: |
    name: sidecar-exporter-consul
    - name: exporter
      imagePullPolicy: {{ .Values.image.pullPolicy }}
      - --consul.server=localhost:8500
      - --log.level=warn
      - containerPort: 9107
        name: metric

The config of pod is like below and has request annotation, but sidecar container inject failed

apiVersion: v1
kind: Pod
  annotations: sidecar-exporter-consul "9107" "true"

