Monitoring & Tracing

Istio relies on the existence of a proxy sidecar within the application’s pod to provide service mesh capabilities to the application. You can include the proxy sidecar through a manual process, prior to deployment, however we recommend automatic injection. This ensures that your application contains the appropriate configuration for your service mesh at the time of its deployment.

Automatic Sidecar Injection

Automatic injection of the sidecar is supported through the use of an annotation within your application yaml file. The name of the annotation is sidecar.istio.io/inject and its value must be set to true for injection to occur.

Note
This behavior differs from the upstream Istio community releases as they require a specific label on the namespace after which all pods within that namespace are injected with the sidecar. Our approach is to opt-in to injection using the annotation with no need to label namespaces. This method requires fewer privileges and does not conflict with other OpenShift capabilities such as builder pods.

This example shows the annotation used within the sleep test application. The additional proxy related containers are included when you create the application in the OpenShift cluster.

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: sleep
spec:
  replicas: 1
  template:
    metadata:
      annotations:
        sidecar.istio.io/inject: "true"
      labels:
        app: sleep
    spec:
      containers:
      - name: sleep
        image: tutum/curl
        command: ["/bin/sleep","infinity"]
        imagePullPolicy: IfNotPresent

Manual Sidecar Injection

Manual injection of the sidecar is supported through the upstream istioctl command however as this release is based on a snapshot of the upstream istio release-1.1 branch there is not currently a compatible version of this command available through the upstream project. As such we do not support manual injection with this release.