5

I am trying to implement a service mesh to a service with Kubernetes using Istio and Envoy. I was able to set up the service and istio-proxy but I am not able to control the order in which the container and istio-proxy are started.

My container is the first started and tries to access an external resource via TCP but at that time, istio-proxy has not completely loaded and so does the ServiceEntry for the external resource

I tried adding a panic in my service and also tried with a sleep of 5 seconds before accessing the external resource.

Is there a way that I can control the order of these?

Rico
  • 58,485
  • 12
  • 111
  • 141
DoIt
  • 3,270
  • 9
  • 51
  • 103

3 Answers3

2

I don't think you can control the order other than listing the containers in a particular order in your pod spec. So, I recommend you configure a Readiness Probe so that you are pod is not ready until your service can send some traffic to the outside.

Rico
  • 58,485
  • 12
  • 111
  • 141
2

On istio version 1.7.X and above you can add configuration option values.global.proxy.holdApplicationUntilProxyStarts, which causes the sidecar injector to inject the sidecar at the start of the pod’s container list and configures it to block the start of all other containers until the proxy is ready. This option is disabled by default.

According to https://istio.io/latest/news/releases/1.7.x/announcing-1.7/change-notes/

Maoz Zadok
  • 4,871
  • 3
  • 33
  • 43
1

Github issue here:

Support startup dependencies between containers on the same Pod

We're currently recommending that developers solve this problem themselves by running a startup script on their application container which delays application startup until Envoy has received its initial configuration. However, this is a bit of a hack and requires changes to every one of the developer's containers.

Ijaz Ahmad
  • 11,198
  • 9
  • 53
  • 73