diff --git a/content/en/docs/ops/common-problems/injection/index.md b/content/en/docs/ops/common-problems/injection/index.md index b858daedf2..7898c2afe8 100644 --- a/content/en/docs/ops/common-problems/injection/index.md +++ b/content/en/docs/ops/common-problems/injection/index.md @@ -239,3 +239,21 @@ node autoscaler is unable to evict nodes with the injected pods. This is a [known issue](https://github.com/kubernetes/autoscaler/issues/3947). The workaround is to add a pod annotation `"cluster-autoscaler.kubernetes.io/safe-to-evict": "true"` to the injected pods. + +## Pod or containers start with network issues if istio-proxy is not ready + +Many applications execute commands or checks during startup, which require network connectivity. This can cause application containers to hang or restart if the `istio-proxy` sidecar container is not ready. + +To avoid this, set `holdApplicationUntilProxyStarts` to `true`. This causes the sidecar injector to inject the sidecar at the start of the pod’s container list, and configures it to block the start of all other containers until the proxy is ready. + +This can be added as a global config option: + +{{< text yaml >}} +values.global.proxy.holdApplicationUntilProxyStarts: true +{{< /text >}} + +or as a pod annotation: + +{{< text yaml >}} +proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }' +{{< /text >}}
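Review bot: In the first added `{{< text yaml >}}` block, `values.global.proxy.holdApplicationUntilProxyStarts: true` is a dotted path, not nested YAML, so a reader who pastes it into a values file gets one literal key that will likely be ignored. Either write it out as the nested structure, or present it as an install-time `--set` argument and change the block type to match. The annotation block has a similar gap: say that `proxy.istio.io/config` goes in the pod template's `metadata.annotations`, because the text calls it a pod annotation and the injector acts on the pod, so an annotation placed on the workload object itself would not take effect. The paragraph that introduces `holdApplicationUntilProxyStarts` could also state the trade-off, which is that application containers start later because they wait for the proxy to become ready.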