Skip to content

Sidecar injection pattern

The Sidecar injection pattern is a mechanism used in Service mesh implementations like Istio to extend the functionality of application containers without modifying the application code.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-httpbin-readme.md]

In a standard deployment, a Pod runs the application container. With this pattern, an additional "sidecar" container is added to the Pod to handle cross-cutting concerns such as network traffic management, security, and observability.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-httpbin-readme.md] This allows the Service mesh to intercept and manage all network traffic entering and leaving the application container.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-httpbin-readme.md]

Implementation Methods

There are two primary methods for applying this pattern within a Kubernetes environment:

Automatic injection

When is enabled on the cluster namespace, the sidecar container is automatically added to the Pod definition at creation time by the Kubernetes admission controller.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-httpbin-readme.md] In this mode, the user can apply their standard resource manifests directly, for example using kubectl apply -f httpbin.yaml.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-httpbin-readme.md]

Manual injection

If automatic injection is not enabled, the sidecar must be manually injected before deployment.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-httpbin-readme.md] This is typically achieved using a command-line tool provided by the Service mesh (such as istioctl) which modifies the Pod specification.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-httpbin-readme.md] For example, the command istioctl kube-inject takes a standard manifest file and outputs a modified version containing the sidecar configuration.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-httpbin-readme.md]

Sources

^[400-devops-07-monitoring-and-observability-k8s-istio-samples-httpbin-readme.md]