[master] Documentation about holdApplicationUntilProxyStarts (#10854)

* Information about holdApplicationUntilProxyStarts

This is a very extended topic about networking issues with pods with the istio-proxy sidecar container and is not spread or well documented.
Many people using solutions as "curl -fsI http://localhost:15021/healthz/ready", or post start hooks, even changing logics in scripts etc.
Adding this in this related documentation can help people find this feature easily.

* Fix letfover d

Remove leftover d in added

* Apply suggestions from craigbox

Co-authored-by: craigbox <craigbox@google.com>

* Update index.md

Remove trailing space in line 245.

Co-authored-by: Adrian Rico <aseguirico@gmail.com>
Co-authored-by: craigbox <craigbox@google.com>

content/en/docs/ops/common-problems/injection/index.md

@@ -239,3 +239,21 @@ node autoscaler is unable to evict nodes with the injected pods. This is
 a [known issue](https://github.com/kubernetes/autoscaler/issues/3947). The workaround is
 to add a pod annotation `"cluster-autoscaler.kubernetes.io/safe-to-evict":
 "true"` to the injected pods.
+
+## Pod or containers start with network issues if istio-proxy is not ready
+
+Many applications execute commands or checks during startup, which require network connectivity. This can cause application containers to hang or restart if the `istio-proxy` sidecar container is not ready.
+
+To avoid this, set `holdApplicationUntilProxyStarts` to `true`. This causes the sidecar injector to inject the sidecar at the start of the pod’s container list, and configures it to block the start of all other containers until the proxy is ready.
+
+This can be added as a global config option:
+
+{{< text yaml >}}
+values.global.proxy.holdApplicationUntilProxyStarts: true
+{{< /text >}}
+
+or as a pod annotation:
+
+{{< text yaml >}}
+proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
+{{< /text >}}