Sidecar injection for sample applications¶
Sidecar injection is a prerequisite mechanism for integrating application workloads with the service mesh. For sample applications, such as the helloworld service, sidecar injection enables the functionality required for traffic management, observability, and security policies defined by the mesh control plane.^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__helloworld__README.md]
Deployment methods¶
When deploying sample services, the inclusion of the sidecar proxy (commonly referred to as istio-proxy) can be managed through two primary methods^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__helloworld__README.md]:
- Automatic Sidecar Injection: This is typically enabled at the namespace level. If the cluster has this feature enabled, standard deployments (e.g., using
kubectl apply) will automatically inject the proxy container into the pod specification^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__helloworld__README.md]. - Manual Sidecar Injection: If automatic injection is not enabled, the deployment commands or YAML files must be modified to include manual sidecar injection processes^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__helloworld__README.md].
Operational considerations¶
Resource Management¶
The injected sidecar containers must be configured with resource requests to ensure the pod can communicate with the cluster autoscaler^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__helloworld__README.md]. Specifically, a Kubernetes Horizontal Pod Autoscaler requires that all containers within the pod request CPU resources^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__helloworld__README.md].
Consequently, valid sample deployments must define CPU requests for both the main application container and the injected istio-proxy container to function correctly with autoscaling^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__helloworld__README.md].
Service Management¶
While manual scripting or generation tools (e.g., gen-helloworld.sh) are often provided to customize sample deployments—such as changing service versions—these modifications generally focus on the application containers^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__helloworld__README.md]. The network proxy components required for mesh integration are handled separately via the injection process described above^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__helloworld__README.md].