Istio Sidecar Injection modes¶
Istio Sidecar Injection is the process of modifying Pod specifications to include an Envoy proxy container within the Pod, enabling functionalities like traffic management and security.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-sleep-readme.md]
Automatic sidecar injection¶
When automatic sidecar injection is enabled in the cluster, the Istio admission controller automatically modifies Pod specifications at creation time^[400-devops-07-monitoring-and-observability-k8s-istio-samples-sleep-readme.md]. In this mode, the user applies the standard resource manifests directly, and the sidecar is injected without manual intervention^[400-devops-07-monitoring-and-observability-k8s-istio-samples-sleep-readme.md].
Manual sidecar injection¶
If automatic injection is not enabled, manual sidecar injection must be performed^[400-devops-07-monitoring-and-observability-k8s-istio-samples-sleep-readme.md]. This requires the user to use the istioctl kube-inject command to transform the manifest locally before applying it to the cluster^[400-devops-07-monitoring-and-observability-k8s-istio-samples-sleep-readme.md].
Usage Example¶
When deploying the sleep sample service, the command varies based on the injection mode^[400-devops-07-monitoring-and-observability-k8s-istio-samples-sleep-readme.md]:
- Automatic:
kubectl apply -f sleep.yaml^[400-devops-07-monitoring-and-observability-k8s-istio-samples-sleep-readme.md] - Manual:
kubectl apply -f <([istioctl](<./istioctl.md>) kube-inject -f sleep.yaml)^[400-devops-07-monitoring-and-observability-k8s-istio-samples-sleep-readme.md]
Related Concepts¶
Sources¶
- 400-devops-07-monitoring-and-observability-k8s-istio-samples-sleep-readme.md