Our current differences were summed up in an email thread by John Mazzitelli copied below. Customers have also raised that this is a difference from upstream that causes some confusion. Some would like a way of enabling auto injection. If converging here would reduce our maintenance burden for OSSM, that would also be a motivation to complete it.

Email from John on openshift-sme, "Fwd: sidecar injection in OSSM":

 
I just wanted to send this out as a reminder (and so I have it stored in my sent folder so I can find it easier the next time I'm searching for this
 
During the last week or so I've seen a couple people ask why auto-injection of the sidecar isn't working in OSSM. Turns out, OSSM does things differently than upstream Istio in order to enable auto-injection of the sidecar.
 
In short, the namespace label is ignored in OSSM. You cannot opt-in all pods in a namespace by setting a namespace label. And today you also can't use the pod label (though this might change in the next OSSM release that bumps to a newer version of Istio). OSSM requires the pod annotation today (as of OSSM 2.1).
 
Here's the differences:
 
 
UPSTREAM ISTIO:

• Namespace Label: supports "enabled" and "disabled"
• Pod Label: supports "true" and "false"
• Pod Annotation: supports "false" only

OSSM:

• Namespace Label: not supported
• Pod Label: not supported
• Pod Annotation: "true" and "false"
   
   
• The pod label/annotation is "sidecar.istio.io/inject" and the namespace label is "istio-injection" (canary deployments have another option, see the docs).
   
  So you must annotate your Pods when using OSSM - that's the only way you can opt-in for auto-injection in OSSM.
   
   
  Here's the OSSM docs - https://docs.openshift.com/container-platform/4.9/service_mesh/v2x/prepare-to-deploy-applications-ossm.html
   
  Here's the upstream Istio docs: https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/