Workload Sidecar Management¶
You can perform various operations on workloads regarding sidecar injection, such as enabling, disabling, and setting resource quota.
View Sidecar Injection Information¶
In the left navigation menu, click Mesh Sidecar -> Workload and select a cluster to view all workloads, their related namespaces, sidecar injection statuses, and resource quota under that cluster.
The columns are defined as follows:
Column Name | Definition |
---|---|
Workload | All workloads in the selected cluster (excluding system workloads that cannot have sidecars injected) |
Status | Three statuses: Injected - The automatic sidecar injection is completed. Uninjected - Automatic sidecar injection is disabled. Pending Restart - The istio-injection of the corresponding namespace has changed but the related Pod has not been restarted yet. |
Namespace | The namespace to which this workload belongs. |
Service | The service(s) related to this workload, which may contain multiple items. You can click to expand the list. |
Injected Pod/All Pods | The injection status of the workload's Pods. The format is "Number of pods with sidecars injected / Total number of injectable Pods." If the injection status of the workload is "Injected," but some Pods are Uninjected, such as ⅗, this item will be highlighted to remind you of the failed injections. |
CPU Request/Limit | Contains two values: requested resources and limited resources. If you have not set any resource limit, this project will show as "Not Set." The format is "Request / Limit." |
Memory Request/Limit | Contains two values: requested resources and limited resources. If you have not set any resource limit, this project will show as "Not Set." The format is "Request / Limit." |
Operation | Injection Enable, Clear Policy, Sidecar Resource Limits, View Sidecar Status and Traffic Pass-Through Settings |
When there are many workloads, you can sort them by name and search for them using the search function.
View Sidecar Running Status¶
If one workload has a sidecar injected, click the ┇ at the end of the row and select Check Sidecar Status from the pop-up menu.
You can see the sidecar's current running status, resource requests, and limits.
Enable Sidecar Injection¶
You can enable automatic sidecar injection for one or more workloads and restart their corresponding Pods. Please ensure that the Pods can be restarted before performing this operation. Follow these steps:
-
Select one or more workloads that have not had sidecars injected, click Enable Injection at the top right.
-
In the pop-up dialog, confirm the selected workload(s) and check the Restart Now checkbox. Click OK .
-
Return to the workload list, and you can see the Status of the selected workloads has changed, such as from Uninjected to Injected . After completing the Pod restarts, the sidecar injection will be completed, and the relevant injection progress can be viewed in the Pods Injected column.
Note
If the namespace to which the workload belongs has executed the Injection Enable/Disable operation but has not restarted the workload, the workload cannot perform new sidecar-related operations. You need to restart it before executing the new sidecar operation.
Disable Sidecar Injection¶
You can disable automatic sidecar injection for one or more workloads and restart their corresponding Pods. Please ensure that the Pods can be restarted before performing this operation. Follow these steps:
-
Select one or more workloads that have had sidecars injected, click Injection Disable at the top right.
-
In the pop-up dialog, confirm the selected workload(s) and check the Restart Now checkbox. Click OK .
-
Return to the workload list, and you can see that the Status of the selected workloads has changed to Uninjected . After completing the Pod restarts, the sidecar injection will be disabled, and the relevant uninstall progress can be viewed in the Pods Injected column.
Note
If the namespace to which the workload belongs has executed the Injection Enable/Disable operation but has not restarted the workload, the workload cannot perform new sidecar-related operations. You need to restart it before executing the new sidecar operation.
Set Resource Quota for Sidecar¶
You can set CPU and memory limits for one or more workloads that have had sidecars injected. Follow these steps:
-
Select one or more workloads that have had sidecars injected, click Sidecar Resource Quota at the top right.
-
In the pop-up dialog, set the resource quota for the selected workload(s) and click OK .
-
Return to the workload list, and you can see that the resource quotas of the selected workloads are displayed in the CPU Request/Limit and Memory Request/Limit columns.
Cleanup Policy¶
You can clean up the sidecar policy for one or more workloads that have had sidecars injected. Follow these steps:
-
Select one or more workloads that have had sidecars injected, click Cleanup Policy at the top right.
-
In the pop-up dialog, confirm the selected workload(s) and click OK .
-
Return to the workload list, and you can see that the sidecar policy of the selected workloads has been cleaned up.
Sidecar Upgrade¶
In DCE 5.0 Service Mesh, a sidecar refers to an Envoy proxy used to implement traffic control and routing rules within the service mesh. Sidecar upgrade refers to upgrading the Envoy proxy from an older version to a newer version.
Reasons for upgrading the sidecar include:
- Security updates: The new version may have fixed security vulnerabilities or other security issues. To ensure the security of the service mesh, it is necessary to upgrade the sidecar to the latest version.
- Feature enhancement: The new version may add some new features or improve existing ones to enhance the performance and reliability of the service mesh.
- Error fixing: The new version may fix some errors or bugs to increase the stability and reliability of the service mesh.
- Version obsolescence: Over time, the old version of Envoy proxy may become outdated and no longer supported. Therefore, it is necessary to upgrade to the latest version for better support and maintenance.
However, before upgrading the sidecar, sufficient testing and verification are needed to ensure that the upgrade process does not have any negative impact on the service mesh.
For specific operational steps, refer to Sidecar Upgrade.