Stack Overflow
Stack Overflow

Questions tagged [istio-sidecar]

196 questions
0
votes
1 answer

create custom sidecar and inject in istio service mesh

I am new to the world of sidecar and istio. Have been reading about this for around a week. But still can't find an perfect answer. First of all, is it possible to inject a custom sidecar using istio. Functionality that i want to achieve is, in…
Ankit Ostwal
  • 1,033
  • 3
  • 14
  • 32
0
votes
0 answers

Istio upstream connect error or disconnect/reset before headers. reset reason: connection termination for mTLS mode

I am new to istio and i am trying to enable the STRICT mode of mTLS at the namespace level i.e apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: prod namespace: prod spec: mtls: mode: STRICT Everything seems…
Rationale
  • 1
  • 2
0
votes
1 answer

Istio Ingress Gateway for gRPC with SIMPLE TLS : Remote Reset Error

We have been trying to Secure Gateways with SIMPLE TLS for our gRPC Backend which is deployed in Minikube (minikube version: v1.25.2) for now by following this link. We were able to successfully access the gRPC service (gRPC server with .NET 6) over…
sayak_ghosh90
  • 41
  • 10
0
votes
0 answers

Inject secrets in AuthorizationPolicy Istio?

Is it possible to inject secret in 'when' part of istio AuthorizationPolicy rules? apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: my-policy namespace: "istio-system" spec: action: ALLOW rules: - when: -…
Mark
  • 833
  • 1
  • 9
  • 27
0
votes
0 answers

502 Bad gateway Error for nginx deployments if istio automatic injection enabled into namespace

https://github.com/istio/istio/issues/41233 I have one namespace 'eshop-bg-poc' into kubernetes cluster and I have enabled istio automatic injection also into namespace. I have one nginx under service name 'eshop-bgpoc-nginx' running with minimum…
hunny kalra
  • 1
  • 3
0
votes
1 answer

Route TCP traffic from ingress-nginx to istio service mesh with mTLS mode STRICT

I am using ingress-nginx v1.3.0 (installed with Helm chart v4.2.3) as a load balancer on DigitalOcean's Kubernetes. In the Kubernetes cluster, I am running istio v1.15.0 service mesh. The mesh runs with peer authentication mTLS mode set to "STRICT"…
Aleš Krajník
  • 177
  • 1
  • 10
0
votes
1 answer

Can't Curl Services running in the kubernetes cluster from the vm in istio mesh

I am trying to deploy Istio on Virtual Machines. I am current architecture I have Kubernetes cluster which run the istio control plane (istiod) and a vm which is running the famous bookinfo istio application rating application. I am following the…
Kunal Malhotra
  • 493
  • 1
  • 5
  • 17
0
votes
1 answer

Istio metrics - istio_request_duration_milliseconds_count and istio_request_duration_milliseconds_sum

I see these two metrics emitted by istio sidecars, but i am unable to find documentation on what they are. istio_request_duration_milliseconds_count istio_request_duration_milliseconds_sum What do these two metrics signify?
Jerald Baker
  • 1,121
  • 1
  • 12
  • 48
0
votes
1 answer

How to apply EnvoyFilter to Sidecar Inbound and Gateway?

I want to configure an EnvoyFilter to run only on Gateway and Sidecar-Inbound. Gateway and the Apps are in different namespaces. If I specify the context as ANY, it will apply to Gateway, Sidecar-inbound and sidecar-outbound. However, I want it to…
Jerald Baker
  • 1,121
  • 1
  • 12
  • 48
0
votes
1 answer

Istio EnvoyFilter - Wasm - Classifying Metrics Based on Request or Response

I am trying to insert a custom dimension for an istio metric for URL path. I am following the steps here - https://istio.io/latest/docs/tasks/observability/metrics/classify-metrics/ Specifically, this part, where I can parse the URL and decide the…
Jerald Baker
  • 1,121
  • 1
  • 12
  • 48
0
votes
1 answer

Istio Sidecar Connection Pooling?

I've been reading documentation up and down all day and I can't seem to get this to work. I have an unruly application that opens a connection for every HTTP request. I would like to improve performance by forcing HTTP multiplexing over long lived…
Breedly
  • 12,838
  • 13
  • 59
  • 83
0
votes
0 answers

Istio Service Mesh Side Car Injection Fail

While testing istio service mesh, I used one of the sample deployment called 'book-review'. I started the deployment + service with kubectl create -f ./samples/bookinfo/platform/kube/bookinfo.yaml. After this I did istio analyse and noticed I need…
K8 Noob
  • 1
  • 2
0
votes
0 answers

why istio sidecar doen't support direct access by DNS

I'm using istio 1.4.10 and trying to direct access External service by Dns. Cause don't need traffic control and I Don't know service IP changed. so.. Can i direct access by DNS.
reperion
  • 129
  • 9
0
votes
1 answer

Istio WorkloadEntry sidecar a requirements?

I'm interested in putting a vendor provided application running in an AWS EC2 Instance behind my Istio gateway. It sounds like the ideal scenario is to use a WorkloadEntry to define the endpoint and make it easy to flex should I ever get this into…
Josiah
  • 2,666
  • 5
  • 30
  • 40
0
votes
1 answer

OCI APM domain with Istio zipkin not pushing tracing details

i am following this document to set up the distributed tracing : https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengistio-intro-topic.htm#exploring_istio_observability My Cluster is on GKE GCP for testing purposes, installed istio top…
Harsh Manvar
  • 27,020
  • 6
  • 48
  • 102
1 2 3
12 13