Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [istio]

29 questions
3
votes
2 answers

How can I get Egress Static IP per namespace within a EKS cluster

My current setup involves an EKS Cluster with multiple namespaces (multi-tenant) across many different EKS nodes in private subnets. I would like the egress traffic from the pods to have a dedicated EIP per namespace. AFAIK there are no off the…
Karthik Balasubramanian
  • 151
  • 1
  • 5
2
votes
0 answers

istio sidecar injection not working

I have installed istio in my k8s cluster, and labeled my desired namespace with istio-injection=enabled However, when I install a pod, it doesn't inject the sidecar. I followed the instructions on this page:…
Nate Houk
  • 143
  • 7
2
votes
1 answer

Jupyter notebook on kubernetes not being able to connect to outside docker service

Im running a kubernetes (kubeflow + k8s) pod with a jupyter notebook and a docker service outside of the kubernetes server, im currently trying to connect to a sql service but it keeps getting ConnectionResetError, both firewall and docker are…
tommyduarte
  • 31
  • 1
2
votes
0 answers

Istio egress gateway HANDSHAKE_FAILURE_ON_CLIENT_HELLO with custom certs

What we ware trying to achieve is point mesh traffic to an external service via an egressgateway. We tried several iterations, and now trying with an egressgateway in between. The external service is running with our certificates. Mesh >…
MrVentzi
  • 121
  • 1
1
vote
2 answers

How do I configure routing for non-knative service in a Knative & Istio installed k8 cluster?

I have a Knative installed with Istio as networking layer (without injection) The kubernetes cluster is using Istio ingress gateway as default ingress. Most Knative service's routing are managed automatically by Knative & Istio. However I am trying…
Darkbluelion
  • 11
  • 1
1
vote
1 answer

How to setup custom authentication and authorization in Istio/K8?

Let's say, I have a project that has 8 pods(services). I understand that authentication and authorization are covered in Istio Gateway using jwt. So that every request is verified. But users with different roles ex: [teacher, student, staff] need to…
coolisuz
  • 13
  • 2
1
vote
0 answers

aws-load-balancer-controller annotations not working

I'm trying to automatically start an ALB in my EKS cluster by using the aws-load-balancer-controller This is what the logs of my deployment look like: $ kubectl logs -n kube-system deployment.apps/aws-load-balancer-controller Found 2 pods, using…
E-Kami
  • 123
  • 1
  • 6
1
vote
1 answer

Istio Keeps On Showing TcpProxyValidationError Errors

I initially created an EnvoyFilter to apply idle_timeout of 5s to outbound requests originating from workloads with label app: mecha-dev. apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: tcp-idle-timeout spec: …
bakadevops
  • 43
  • 1
  • 5
1
vote
1 answer

Why is My Istio EnvoyFilter with TCP Idle Timeout Setting not working?

I have created an EnvoyFilter to apply TCP idle timeout to outbound requests. Here's my filter configuration: apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: tcp-idle-timeout spec: workloadSelector: labels: …
bakadevops
  • 43
  • 1
  • 5
1
vote
0 answers

Istio Multicluster: Terminate mTLS at Ingress Gateway for Non-proxied Service

I am writing a service to coordinate Istio control planes in a "replicated control planes" configuration. I have managed to programmatically create ServiceEntry objects that correctly route between clusters – multicluster routing works great! Things…
pnovotnak
  • 260
  • 4
  • 11
1
vote
1 answer

istio-proxy 403 error:'upstream connect error or disconnect/reset before headers. reset reason: connection failure'

We have deployed an application behind the istio ingress gateway and is accessible at test.domain.com/jenkinscore.We have used istio 1.4.5. The domain name is created for the istio ingress gateway service IP. As per the below logs, when we hit this…
Meghana B Srinath
  • 105
  • 2
  • 12
0
votes
0 answers

How to route azure application gateway to a service in different namespace?

My ingress for azure application gateway, so that it will use istio gateway internally. apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: server-ingress namespace: productnamespace annotations: kubernetes.io/ingress.class:…
sardar
  • 1
  • 2
0
votes
0 answers

How to use mTLS without using istio ingress and using azure app gateway ingress?

We have our application running in aks cluster and using cert-manager helm chart in separate namespace for lets encrypt certificate generation. argocd namespace is for handling deployments. We need to enable mTLS, does that required istio to be…
sardar
  • 1
  • 2
0
votes
1 answer

Istio: How do I exclude unhealthy destination from a VirtualService?

I'm trying to configure load balancing and failover for external services. Each HTTP endpoint for the service needs its own specific headers. I created a virtual service with two destinations: apiVersion: networking.istio.io/v1beta1 kind:…
hylowaker
  • 101
  • 3
0
votes
0 answers

How to use open service mesh in kubernetes?

I am trying to test open service mesh for our application. No tags in serverfault for service mesh or servicemesh or osm or open service mesh,etc. So I kept istio as serverfault tag to this question as it is also a similar product of service…
sardar
  • 1
  • 2
1
2