TL;DR

  • app listens on container loopback
  • sidecar exposes a narrow ingress point for the app
  • environment proxy forwards to the sidecar path
  • main gateway forwards to the environment proxy

Integration checklist

When I add a new app to this chain, I want four things to be true:

  1. The app has its own local health endpoint.
  2. The sidecar can reach the app over namespace-local loopback.
  3. The environment proxy can reach the sidecar.
  4. The main gateway can forward traffic to the environment proxy without exposing more than necessary.

What usually matters most

The common mistakes are simple:

  • wrong port ownership between app and sidecar
  • missing health endpoint at one layer
  • proxy config updated in one layer but not the next
  • loopback assumptions that only work inside one namespace

So the useful habit is to test the path one hop at a time instead of jumping straight to the public hostname.

Promotion rule

I only consider the app integrated when:

  • the app health endpoint works
  • the sidecar health endpoint works
  • the environment proxy health endpoint works
  • the public hostname works

That order keeps the debugging path short.
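
The hop-by-hop habit and the promotion order above, as a small script (an added example, not part of the original note). It probes each layer from the inside out and reports the first hop that fails; the hostnames, ports, `/healthz` path and the `NS_EXEC` prefix are placeholder assumptions.

```shell
#!/bin/sh
# Added example. Hop names follow the note above; every URL, port, the
# /healthz path and NS_EXEC are placeholder assumptions to replace.

# Command prefix that runs inside the app's network namespace, for example
# "docker exec myapp" (hypothetical). Leave empty only when this script
# already runs in that namespace: 127.0.0.1 elsewhere is a different loopback.
NS_EXEC=${NS_EXEC:-}

# Ordered inner to outer as name|where|url; "ns" = probe from the app namespace.
DEFAULT_HOPS='app|ns|http://127.0.0.1:8080/healthz
sidecar|host|http://sidecar.internal.example:9000/healthz
env-proxy|host|http://env-proxy.internal.example/healthz
public|host|https://app.example.com/healthz'
HOPS=${HOPS:-$DEFAULT_HOPS}

# probe WHERE URL: non-zero on connection error, timeout or HTTP status >= 400.
probe() {
    if [ "$1" = ns ]; then
        $NS_EXEC curl -fsS -o /dev/null --max-time 5 "$2"
    else
        curl -fsS -o /dev/null --max-time 5 "$2"
    fi
}

# Walks HOPS in order and stops at the first failure, so a broken inner layer
# is never misread as a gateway problem. Prints the failing hop; returns 1.
first_failing_hop() {
    while IFS='|' read -r name where url; do
        [ -n "$name" ] || continue
        if ! probe "$where" "$url" </dev/null 2>/dev/null; then
            printf '%s\n' "$name"
            return 1
        fi
    done <<EOF
$HOPS
EOF
    return 0
}

# Usage: sh check_hops.sh check   (the file name is an assumption)
if [ "${1:-}" = check ]; then
    if failed=$(first_failing_hop); then
        echo "all hops healthy: app can be promoted"
    else
        echo "first failing hop: $failed"
        exit 1
    fi
fi
```
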