Stack Overflow
Stack Overflow

Questions tagged [istio-operator]

36 questions
4
votes
2 answers

Istio Virtualservice creation access denied

I am trying to create an Istio Virtualservice. However, I am getting the below error, despite me having the cluster-admin role bound to. UPGRADE FAILED: could not get information about the resource: virtualservices.networking.istio.io "admin-ui" is…
Vaishnav
  • 611
  • 1
  • 9
  • 23
4
votes
2 answers

IstioOperator and sidecar autoinjection

How to enable sidecar injection using IstioOperator? This is my config and it is not enough for that. apiVersion: install.istio.io/v1alpha1 kind: IstioOperator metadata: name: control-plane-1-9-4 namespace: istio-system spec: components: …
Jonas
  • 4,683
  • 4
  • 45
  • 81
3
votes
1 answer

Istio External Authorization Error with Istio Operator

We have deployed Istio 1.11.0 using helm-chart in our dev and production environment. We are using below configuration in istio configmap, which we have updated via istio-control helm-chart. meshConfig: extensionProviders: - name:…
Ankita Sawant
  • 181
  • 2
  • 10
3
votes
1 answer

ISTIO HTTPS-HTTP 404 NR route_not_found

I am trying to configure TLS termination via Istio HTTPS -> HTTP. HTTP 80 works fine. HTTPS 443 works only for / path. HTTP 200: curl https://serviceA.example.com HTTP 404: curl https://serviceA.example.com/blabla Istio access logs: GET /blabla…
mar5
  • 51
  • 4
2
votes
0 answers

K8s Test - NewSimpleClientset for schemaless custom resource

I have a method which uses client-go's dynamic.Interface to dynamically fetch a schemaless custom resource called IstioOperator. iops, err := client.Dynamic().Resource(constants.IstioOperatorGVR). Namespace(brConfig.IstioNamespace). …
Kaushal28
  • 5,377
  • 5
  • 41
  • 72
2
votes
1 answer

Periodic Istio Citadel pod restart

Istio-citadel pods of istio 1.4.10 helm release, are restarted periodically. 2 replicas of istio-citadel are running. This happens once in every 4-5 days, when the number of CSR requests reaches 28.3k and memory reaches 9.8G. Memory increases…
Sharat Naik
  • 67
  • 8
2
votes
0 answers

How does one secure the Istio Operator?

The documentation says, Using an operator does have a security implication. With the istioctl install command, the operation will run in the admin user’s security context, whereas with an operator, an in-cluster pod will run the operation in its…
Chandra Sekar
  • 10,683
  • 3
  • 39
  • 54
2
votes
0 answers

Default timeout value of istio

I have a service in which i have added a delay of 5 minutes. So the request to this service will take 5 minutes to give the response. Now I have deployed this service in kubernetes with istio v1.5. When I am calling this service through the ingress…
Vineeth NG
  • 240
  • 3
  • 22
1
vote
0 answers

istio 1.17 SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted

created ssl certificate and imported into istio gateway and virtual service up and running fine. while accessing with curl from ingressateway ip it showing error. curl…
Sridharan r.g
  • 41
  • 2
1
vote
1 answer

Istio Analyze Referenced selector not found: "app=istio-private-ingressgateway"

I have a gateway living in the gateways namespace and istio-ingressgateway living in istio-system namespace. The ingressgateway has the label app=istio-private-ingressgateway as follows k get pod -n istio-system -l…
user20143114
  • 31
  • 2
1
vote
0 answers

How to disable the unused port in istio operator

I want to follow the best practices and disable the unused ports. But I am not able to figure out where exactly to disable. I am using Istio operator to deploy istiod. I want to set flag grpcAddr="" in controlplane and also remove/disable unused…
Mahesh
  • 21
  • 1
1
vote
0 answers

Istio Services Goes down if Cluster Loses Single node

I have a cluster that loses kube worker nodes every so often (I'm are moving away from this service provider for this reason), but I'd still like to harden Istio from going down when we a kube node. The problem seems to be that if the node dies…
MikeSchem
  • 950
  • 2
  • 16
  • 29
1
vote
0 answers

Disable Istio default retry on errorcode 503

I am not sure, whether we are talking about the smae issue. I will try to explain the scenario which I am trying. I have 2 services appservice-A and appservice-B, both are in the same namespace "mynamespace" and both have seperate Virtual service…
Vowneee
  • 956
  • 10
  • 33
1
vote
1 answer

How to disable istio retry

We are using Istio 1.11.2 and facing some issue with Istio retry. In order to disable the automatic retry, we added the following block in object in the http list. However, Istio still retries requests. apiVersion: networking.istio.io/v1beta1 kind:…
Vowneee
  • 956
  • 10
  • 33
1
vote
1 answer

Is it possible to use RequestAuthentication and AuthenticationPolicy for microservice to microservice communication

We have recently setup istio on our kubernetes cluster and are trying to see if we can use RequestAuthentication and AuthenticationPolicy to enable us to only allow a pod in namespace x to communicate with a pod in namespace y when it has a valid…
gdix0n
  • 214
  • 3
  • 13
1
2 3