Istio relies on the existence of a proxy sidecar within the application’s pod to provide service mesh capabilities to the application. You can include the proxy sidecar through a manual process, prior to deployment, however we recommend automatic injection. This ensures that your application contains the appropriate configuration for your service mesh at the time of its deployment.
Automatic Sidecar Injection
Automatic injection of the sidecar is supported through the use of an annotation within your application yaml file. The name of the annotation is
sidecar.istio.io/inject and its value must be set to
true for injection to occur.
|This behavior differs from the upstream Istio community releases as they require a specific label on the namespace after which all pods within that namespace are injected with the sidecar. Our approach is to opt-in to injection using the annotation with no need to label namespaces. This method requires fewer privileges and does not conflict with other OpenShift capabilities such as builder pods.|
This example shows the annotation used within the sleep test application. The additional proxy related containers are included when you create the application in the OpenShift cluster.
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: sleep spec: replicas: 1 template: metadata: annotations: sidecar.istio.io/inject: "true" labels: app: sleep spec: containers: - name: sleep image: tutum/curl command: ["/bin/sleep","infinity"] imagePullPolicy: IfNotPresent
Manual Sidecar Injection
Manual injection of the sidecar is supported through the upstream
istioctl command however as this release is based on a snapshot of the upstream istio release-1.1 branch there is not currently a compatible version of this command available through the upstream project. As such we do not support manual injection with this release.