Installing the sidecar within your Service Mesh Applications

Upstream Istio community installations rely on the existence of a proxy sidecar within the application’s pod to provide service mesh capabilities to the application. You can include the proxy sidecar by using a manual process before deployment. However, automatic injection ensures that your application contains the appropriate configuration for your service mesh at the time of its deployment.

Automatic Sidecar Injection

Automatic injection of the sidecar is supported by using the sidecar.istio.io/inject annotation within your application yaml file. Set the annotation’s value to true for injection to occur.

Upstream Istio community installations require a specific label on the namespace after which all pods in that namespace are injected with the sidecar. The OpenShift Service Mesh approach requires you to opt in to injection using an annotation with no need to label namspaces. This method requires fewer privileges and does not conflict with other OpenShift capabilities such as builder pods.

This example shows the annotation used within the sleep test application. The additional proxy related containers are included when you create the application in the OpenShift cluster.

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: sleep
spec:
  replicas: 1
  template:
    metadata:
      annotations:
        sidecar.istio.io/inject: "true"
      labels:
        app: sleep
    spec:
      containers:
      - name: sleep
        image: tutum/curl
        command: ["/bin/sleep","infinity"]
        imagePullPolicy: IfNotPresent