0

After I inject network delay of, say 5s, using add_delay_fault function, the delay is nicely effected for all traffic coming in via the Istio ingress gateway LB. However, if I try to call the same application service (which has delay configured) from a dummy nginx pod in the same cluster, the response is immediate 'without' any delay.

Given that every app pod has the envoy proxy car with it(which is implementing all the Istio rules) I was assuming that even the intra-cluster communication should have same effect. I couldn't find much from the documentation. Would be great if experts here can throw some light on this behaviour.

Here's one way i injected the delay - as a manifest for chaostoolkit.

version: 1.0.0
title: What happens if we abort and delay responses
description: If responses are aborted and delayed, the dependant application should retry and/or timeout requests
tags:
- k8s
- istio
- http
configuration:
  ingress_host:
      type: env
      key: INGRESS_HOST
method:
- type: action
  name: delay
  provider:
    type: python
    module: chaosistio.fault.actions
    func: add_delay_fault
    arguments:
      virtual_service_name: newapp
      fixed_delay: 5s
      routes:
        - destination:
            host: newapp
            subset: v1
      percentage: 100
      version: networking.istio.io/v1alpha3
      ns: default

The result is the same even when i directly changed the virtual service as a k8s manifest as below, i.e, the delay exists if i access through the gateway but no delay when the service is directly called from another pod in the same cluster:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: newapp
spec:
  hosts:
  - newapp
  - "newapp.example.com"
  gateways:
  - newapp-gateway
  http:
  - fault:
      delay:
        percent: 100
        fixedDelay: 5s
    route:
    - destination:
        host: newapp
        subset: v1
mgn
  • 129
  • 1
  • 10
  • can you post some additional details on how exactly you are adding the the delay? where is the `add_delay_fault` function invoked from? – pkaramol Feb 04 '22 at 12:53
  • I am adding the delay through a manifest file for 'ChaosToolkit'. Part of manifest shown here: - type: action name: delay provider: type: python module: chaosistio.fault.actions func: add_delay_fault arguments: virtual_service_name: newapp fixed_delay: 5s routes: - destination: host: newapp subset: v1 percentage: 100 version: networking.istio.io/v1alpha3 ns: default – mgn Feb 04 '22 at 16:06
  • can you add it as a formatted `yaml` snippet in the question body? – pkaramol Feb 04 '22 at 16:49
  • added now.. thx – mgn Feb 05 '22 at 03:42
  • How are you making the internal call? If the call is not going though istio gateway i believe that the istio rules could be bypassed and not applied to that call. – Piotr Malec Feb 11 '22 at 17:42
  • @PiotrMalec, for the internal call I am creating a dummy nginx pod and run 'curl servicename' from there. My query is that, since the envoy proxy car is attached to the app pod, even the internal calls would be impacted. But looks like that's not the case. Only the calls thru the istio gateway seem to be impacted. – mgn Feb 12 '22 at 06:54

1 Answers1

0

In order to use istio filter features such as fault injections you will need to use istio gateway.

The example for how to configure gateway for internal use check out this answer as it explains it perfectly.

Piotr Malec
  • 3,429
  • 11
  • 16