Verify that the client Pod has an Envoy sidecar container automatically
injected:
kubectlgetpods-nsidecar-example-lrun=client
The output is similar to:
NAME READY STATUS RESTARTS AGE
client-xxxx 2/2 Running 0 20s
Wait for the client to be ready and have theStatusRunning before
continuing.
Verify Envoy-sidecar service mesh setup. The following command sends a
request to the whereami service from the client
CLIENT_POD=$(kubectlgetpod-nsidecar-example-lrun=client-o=jsonpath='{.items[0].metadata.name}')# The VIP where the following request will be sent. Because all requests# from the client container are redirected to the Envoy proxy sidecar, you# can use any IP address, including 10.0.0.2, 192.168.0.1, and others.VIP='10.0.0.1'TEST_CMD="curl -v -H 'host: whereami.sidecar-example.svc.cluster.local'$VIP"kubectlexec-it$CLIENT_POD-nsidecar-example-cclient--/bin/sh-c"$TEST_CMD"
The output is similar to:
< Trying 10.0.0.1:80...
< Connected to 10.0.0.1 (10.0.0.1) port 80 (#0)
< GET / HTTP/1.1
< Host: whereami
< User-Agent: curl/7.82.0-DEV
< Accept: */*
<
< Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< content-type: application/json
< content-length: 318
< access-control-allow-origin: *
< server: envoy
< date: Tue, 12 Apr 2022 22:30:13 GMT
<
{
"cluster_name": "${CLUSTER_NAME}",
"location": "${LOCATION}",
"host_header": "whereami",
...
}
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Set up an Envoy sidecar service mesh on GKE\n===========================================\n\nThis page describes how to set up an Envoy sidecar service mesh on\nGKE.\n\nPrerequisites\n-------------\n\nAs a starting point, this guide assumes that you have already:\n\n- [Created a GKE cluster and registered it to a fleet](/service-mesh/v1.24/docs/gateway/prepare-gateway#create_and_register_a_cluster).\n- [Installed the custom resource definitions](/service-mesh/v1.24/docs/gateway/prepare-gateway#install_custom_resource_definitions).\n\nSet up the Service\n------------------\n\n1. Create a sample HTTP service:\n\n kubectl apply -f - \u003c\u003cEOF\n kind: Namespace\n apiVersion: v1\n metadata:\n name: sidecar-example\n ---\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: whereami\n namespace: sidecar-example\n spec:\n replicas: 2\n selector:\n matchLabels:\n app: whereami\n template:\n metadata:\n labels:\n app: whereami\n spec:\n containers:\n - name: whereami\n image: us-docker.pkg.dev/google-samples/containers/gke/whereami:v1\n ports:\n - containerPort: 8080\n ---\n apiVersion: v1\n kind: Service\n metadata:\n name: whereami\n namespace: sidecar-example\n spec:\n selector:\n app: whereami\n ports:\n - port: 8080\n targetPort: 8080\n EOF\n\n2. Create a baseline HTTPRoute for the service:\n\n apiVersion: gateway.networking.k8s.io/v1beta1\n kind: HTTPRoute\n metadata:\n name: whereami-route\n namespace: sidecar-example\n spec:\n parentRefs:\n - name: whereami\n kind: Service\n group: \"\"\n rules:\n - backendRefs:\n - name: whereami\n port: 8080\n EOF\n\n Alternatively, the following manifest describes a sample gRPC Service: \n\n apiVersion: v1\n kind: Service\n metadata:\n name: sample-service\n namespace: sample-ns\n annotations:\n networking.gke.io/app-protocols: '{\"50051\": \"HTTP2\"}' # 50051 is backendref.port\n spec:\n ports:\n - port: 50051\n targetPort: 50051\n\n | **Note:** If you are setting up a Service that runs gRPC but uses an Envoy sidecar proxy, the Service metadata should include `networking.gke.io/app-protocols: '{\"\u003cport\u003e\": \"HTTP2\"}'` label to apply the correct protocol to the backend service.\n\nSet up the Client\n-----------------\n\n1. Run the following command to enable sidecar injection in the\n `sidecar-example` namespace:\n\n kubectl label namespace sidecar-example mesh.cloud.google.com/csm-injection=sidecar\n\n2. Create a client:\n\n kubectl apply -f - \u003c\u003cEOF\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n labels:\n run: client\n name: client\n namespace: sidecar-example\n spec:\n replicas: 1\n selector:\n matchLabels:\n run: client\n template:\n metadata:\n labels:\n run: client\n spec:\n containers:\n - name: client\n image: curlimages/curl\n command:\n - sh\n - -c\n - while true; do sleep 1; done\n EOF\n\n3. Verify that the client Pod has an Envoy sidecar container automatically\n injected:\n\n kubectl get pods -n sidecar-example -l run=client\n\n The output is similar to: \n\n NAME READY STATUS RESTARTS AGE\n client-xxxx 2/2 Running 0 20s\n\n Wait for the client to be ready and have the `Status` Running before\n continuing.\n4. Verify Envoy-sidecar service mesh setup. The following command sends a\n request to the whereami service from the client\n\n CLIENT_POD=$(kubectl get pod -n sidecar-example -l run=client -o=jsonpath='{.items[0].metadata.name}')\n\n # The VIP where the following request will be sent. Because all requests\n # from the client container are redirected to the Envoy proxy sidecar, you\n # can use any IP address, including 10.0.0.2, 192.168.0.1, and others.\n VIP='10.0.0.1'\n\n TEST_CMD=\"curl -v -H 'host: whereami.sidecar-example.svc.cluster.local' $VIP\"\n\n kubectl exec -it $CLIENT_POD -n sidecar-example -c client -- /bin/sh -c \"$TEST_CMD\"\n\n The output is similar to: \n\n \u003c Trying 10.0.0.1:80...\n \u003c Connected to 10.0.0.1 (10.0.0.1) port 80 (#0)\n \u003c GET / HTTP/1.1\n \u003c Host: whereami\n \u003c User-Agent: curl/7.82.0-DEV\n \u003c Accept: */*\n \u003c\n \u003c Mark bundle as not supporting multiuse\n \u003c HTTP/1.1 200 OK\n \u003c content-type: application/json\n \u003c content-length: 318\n \u003c access-control-allow-origin: *\n \u003c server: envoy\n \u003c date: Tue, 12 Apr 2022 22:30:13 GMT\n \u003c\n {\n \"cluster_name\": \"${CLUSTER_NAME}\",\n \"location\": \"${LOCATION}\",\n \"host_header\": \"whereami\",\n ...\n }"]]
