In my previous blog post, I showed you how to check for specific feature gates on an Azure Kubernetes Service cluster.
-> https://www.danielstechblog.io/show-enabled-feature-gates-on-an-azure-kubernetes-service-cluster/
Especially for the SidecarContainers feature gate, which is enabled on Azure Kubernetes Service running Kubernetes version 1.29 or higher.
The SidecarContainers feature gate brings support for running sidecar containers as init containers. For instance, a service mesh proxy container now starts before the main container and solves a couple of issues with service mesh proxies in Kubernetes.
It was introduced in Kubernetes version 1.28 as an alpha version and graduated to beta with Kubernetes version 1.29.
-> https://kubernetes.io/blog/2023/08/25/native-sidecar-containers/
Today, I am walking you through how to use Istio with Kubernetes native sidecars on Azure Kubernetes Service.
As stated in the Istio blog post from 2023, it is an environment variable called ENABLE_NATIVE_SIDECARS that needs to be set to true.
-> https://istio.io/latest/blog/2023/native-sidecars/
I use the IstioOperator custom resource definition to define my Istio installation configuration options in a YAML file.
The following configuration activates the Kubernetes native sidecar support in Istio.
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: istiocontrolplane
spec:
components:
...
meshConfig:
...
values:
global:
...
pilot:
env:
PILOT_ENABLE_STATUS: true
ENABLE_NATIVE_SIDECARS: true
sidecarInjectorWebhook:
rewriteAppHTTPProbe: true
After applying the IstioOperator configuration, we check if the istio-proxy is now running as an init container. For that, I deployed a simple container application in its own namespace.
❯ kubectl images -c 1,2 [Summary]: 1 namespaces, 3 pods, 9 containers and 2 different images +----------------------------+--------------------+ | Pod | Container | +----------------------------+--------------------+ | go-webapp-64cc9779d4-8kp7m | go-webapp | + +--------------------+ | | (init) istio-init | + +--------------------+ | | (init) istio-proxy | +----------------------------+--------------------+ | go-webapp-64cc9779d4-f4hrf | go-webapp | + +--------------------+ | | (init) istio-init | + +--------------------+ | | (init) istio-proxy | +----------------------------+--------------------+ | go-webapp-64cc9779d4-mrbc9 | go-webapp | + +--------------------+ | | (init) istio-init | + +--------------------+ | | (init) istio-proxy | +----------------------------+--------------------+
As seen in the above output, the istio-proxy is now running as a Kubernetes native sidecar.
You can find the full example IstioOperator configuration file on my GitHub repository.
-> https://github.com/neumanndaniel/kubernetes/blob/master/istio/istio-1.21.yaml