Skip to content

Istio Sidecar Bootstrap Override

The Istio Sidecar Bootstrap Override is a mechanism within Istio that allows operators to inject a custom Envoy proxy configuration into a Service mesh application.^[custom-bootstrap__README.md] Instead of relying solely on the default proxy bootstrap generated by Istio, this feature enables specific customization of the Envoy configuration via a Kubernetes ConfigMap.^[custom-bootstrap__README.md]

Implementation

To implement a custom bootstrap, the workflow involves creating a ConfigMap containing the custom Envoy configuration and applying it to the cluster.^[custom-bootstrap__README.md] The specific configuration is then attached to a workload (such as a deployment) using the annotation sidecar.istio.io/bootstrapOverride, where the annotation value corresponds to the name of the ConfigMap.^[custom-bootstrap__README.md]

If the cluster does not have Automatic sidecar injection enabled, the istioctl kube-inject command must be used to manually inject the sidecar into the application manifest before deployment.^[custom-bootstrap__README.md]

Configuration Merging

The custom configuration is passed to the Envoy proxy using the --config-yaml flag.^[custom-bootstrap__README.md] The system performs a merge between the provided custom configuration and the default bootstrap configuration.^[custom-bootstrap__README.md]

The merging logic dictates that: * Singular values defined in the custom configuration will replace the default values. * Repeated values (lists) will be appended to the default values.^[custom-bootstrap__README.md]

Verification

To verify which bootstrap configuration is currently active for a specific Pod, operators can use the istioctl proxy-config bootstrap command with the target Pod name.^[custom-bootstrap__README.md]

Sources

^[custom-bootstrap__README.md]