Where this fits in K8s strategy
Sidecars are “utility containers”. They support application containers with services like tracing, mesh etc.
Why it’s important
Making sidecars work properly is important. Otherwise, support services may function worse or be unreliable.
The ideal state for deploying sidecars is automatic injection.
What does that mean? It means that support service containers will be automatically attached to new application containers.
The service application’s operator is responsible for guiding the injection process. Here are guides for some of the most popular utility services:
Automatic sidecar injection relies on several components in order to run. It won’t work unless all components are set in their correct positions.
Sounds like a logic gate scenario, right? It is. Let’s cover them in the solution section.
Solution
There are 3 components (logic gates) to consider for automatic sidecar injection. They are:
- namespaceSelector – namespaces where the injection will apply. If there is a match, sidecar injection will go to the next step, which is…
- default policy – ingress and egress policy setting for pods. Doesn’t matter if they are enabled or disabled, sidecar injection will go to the next step, which is…
- Pod override annotation – overrides the standard settings of pods to allow for a new container to be inserted. Must be “true” for injection to go ahead
Can’t see the logic? This table by Istio might help:
