After adding your services to a mesh, enable automatic sidecar injection in the deployment resource for your application. You must enable automatic sidecar injection for each deployment.

If you have installed the Bookinfo sample application, the application was deployed and the sidecars were injected. If you are using your own project and service, deploy your applications on OpenShift Container Platform. For more information, see Understanding Deployment and DeploymentConfig objects.

Prerequisites

Enabling automatic sidecar injection

When deploying an application, you must opt-in to injection by setting the sidecar.istio.io/inject annotation to "true". Opting in ensures that the sidecar injection does not interfere with other OpenShift features such as builder pods used by numerous frameworks within the OpenShift ecosystem.

Prerequisites
  • Identify the deployments for which you want to enable automatic sidecar injection.

Procedure
  1. Open the application’s deployment configuration YAML file in an editor. To find a deployment use the oc get command. For example, for an app called sleep in the sleep namespace, use the following command to see the resource in YAML format.

    oc get deployment sleep -o yaml
  2. Add sidecar.istio.io/inject to the configuration YAML with a value of "true" in the spec.template.metadata.annotations.sidecar.istio/inject field. See the following example for an app called sleep.

    Sleep test application example sleep.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: sleep
      name: sleep
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: sleep
      template:
        metadata:
          annotations:
            sidecar.istio.io/inject: "true"
          labels:
            app: sleep
        spec:
          containers:
          - name: sleep
            image: curlimages/curl
            command: ["/bin/sleep","3650d"]
            imagePullPolicy: IfNotPresent
  3. Save the configuration file.

  4. Add the file back to the project that contains your app. In this example, sleep is the name of the project that contains the sleep app and sleep.yaml is the file you edited.

    $ oc apply -n sleep -f sleep.yaml
  5. To verify that the resource uploaded successfully, run the following command.

    oc get deployment sleep -o yaml

Updating your application pods

If you selected the Automatic Approval Strategy when you were installing your Operators, then the Operators update the control plane automatically but not your applications. Existing applications continue to be part of the mesh and function accordingly. The application administrator must restart applications to upgrade the sidecar.

If your deployment uses automatic sidecar injection, you can update the pod template in the deployment by adding or modifying an annotation. Run the following command to redeploy the pods:

$ oc patch deployment/<deployment> -p '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt": "'`date -Iseconds`'"}}}}}'

If your deployment does not use automatic sidecar injection, you must manually update the sidecars by modifying the sidecar container image specified in the deployment or pod.

Setting environment variables on the proxy in applications through annotations

You can set environment variables on the sidecar proxy for applications by adding pod annotations in the deployment in the injection-template.yaml file. The environment variables are injected to the sidecar.

Example injection-template.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: resource
spec:
  replicas: 7
  selector:
    matchLabels:
      app: resource
  template:
    metadata:
      annotations:
        sidecar.maistra.io/proxyEnv: "{ \"maistra_test_env\": \"env_value\", \"maistra_test_env_2\": \"env_value_2\" }"

maistra.io/ labels and annotations should never be included in user-created resources, because they indicate that the resources are generated and managed by the Operator. If you are copying content from an Operator-generated resource when creating your own resources, do not include labels or annotations that start with maistra.io/ or your resource will be overwritten or deleted by the Operator during the next reconciliation.

Next steps

Configure Red Hat OpenShift Service Mesh features for your environment.