Stack Overflow
Stack Overflow

Questions tagged [istio-sidecar]

196 questions
3
votes
1 answer

Istio allow third party JWT on Docker Desktop Kubernetes

I'm using the pre-packaged Kubernetes cluster that comes with docker desktop. I'm on a windows machine, running the Kubernetes on a Ubuntu-18.04 VM using WSL 2. On my Kubernetes cluster I run: istioctl install --set profile=demo --set…
João Areias
  • 1,192
  • 11
  • 41
3
votes
1 answer

Istio Exclusion matching not working for healthz api without jwt principal

My RequestAuthentication is this apiVersion: security.istio.io/v1beta1 kind: RequestAuthentication metadata: name: testing-dev-authenticator namespace: istio-system spec: selector: matchLabels: istio: ingressgateway jwtRules: -…
Jithin Kumar S
  • 701
  • 2
  • 9
  • 20
3
votes
0 answers

Istio keeps using deleted pod IP

We are using Istio 1.8.1 and have started using a headless service to get direct pod to pod communication working with Istio mTLS. This is all working fine, but we have recently noticed that sometimes after killing one of our pods we get 503 no…
Ryan Harley
  • 31
  • 2
3
votes
1 answer

How to disable istio-proxy sidecar access log for specific deployments in Kubernetes

I'm using istio-proxy sidecar with Kubernetes, sidecars are automatically added to the Kubernetes pods. I want to turn off the access log for one single deployment (without disabling the sidecar). is there an annotation to do that?
Maoz Zadok
  • 4,871
  • 3
  • 33
  • 43
3
votes
1 answer

Error: template: inject:469: function "appendMultusNetwork" not defined

istioctl kube-inject \ --injectConfigFile inject-config.yaml \ --meshConfigFile mesh-config.yaml \ --valuesFile inject-values.yaml \ --filename samples/sleep/sleep.yaml \ | kubectl apply -f - While trying to inject istio sidecar container manually…
ANKUSH KUMAR
  • 75
  • 7
3
votes
1 answer

ISTIO - Egress Gateway returns - command terminated with exit code 35?

I have installed ISTIO with the below configuration cat << EOF | kubectl apply -f - apiVersion: install.istio.io/v1alpha1 kind: IstioOperator metadata: namespace: istio-system name: istio-control-plane spec: # Use the default profile as the…
One Developer
  • 99
  • 5
  • 43
  • 103
2
votes
0 answers

Istio EnvoyFilter local rate limiter applied to gateway is not synchronized between gateway pods

I am endeavoring to implement rate limiting using the components provided by Istio, specifically the EnvoyFilter. My intention is to apply this filter exclusively to HTTP requests with a particular prefix path, such as "/api/serviceA/v1/*". To…
kpodgorski
  • 21
  • 2
2
votes
1 answer

Istio cuts the request with large response after two minutes

I have a Kubernetes environment with Istio gateway set up. I've stumbled upon an issue that I can't seem to resolve. We created a Nodejs Backend microservice that serves an API and one of the API endpoints can serve a large response of 100MB+. All…
f.bele
  • 207
  • 2
  • 13
2
votes
1 answer

Override Istio retry back off interval

I am trying to override Istio's default retry back off interval with the help of an EnvoyFilter. I have three services, each calling it's successor. Service-2 has retries enabled with a VirtualService. apiVersion: networking.istio.io/v1alpha3 kind:…
V3RO
  • 21
  • 3
2
votes
1 answer

k8s user container is getting shut down by envoy/istio sigterm without completing process

Envoy sending TERM signal and closing my application before the process completion. Increasing Drain Duration preventing the pod from going down after the completion.(its waiting for the grace duration to be over and not allowing any new…
KarthiGuna
  • 21
  • 1
2
votes
1 answer

Use sidecar to translate opaque token to JWT in Istio

I consider if there is a way to use Istio to translate opaque token to JWT. Use case: There are two services (service 1 which is consumer and service 2 which is producer) Service1 works with opaque token, Service2 can be authenticate & authorize…
mattipr89
  • 23
  • 5
2
votes
2 answers

Java container that works as a Pod not working in a Job

I'm trying to use a container that contains a Java tool to do some DB migrations on a MySQL database in a Kubernetes Job. When I run the container locally in Docker (using a MySQL container in the same network), the tool runs as expected. And if I…
wtfc63
  • 93
  • 1
  • 6
2
votes
0 answers

Is there any way to disable sampling decision made by istio envoy proxy (zipking)?

Is there any way to disable sampling decision made by istio envoy proxy (zipking) ?
Subhadeep Sen
  • 21
  • 1
2
votes
0 answers

Default timeout value of istio

I have a service in which i have added a delay of 5 minutes. So the request to this service will take 5 minutes to give the response. Now I have deployed this service in kubernetes with istio v1.5. When I am calling this service through the ingress…
Vineeth NG
  • 240
  • 3
  • 22
2
votes
1 answer

Access external jwksuri behind a company proxy

I am new to istio and had doubt configuring a Request authentication policy.The policy uses a jwksuri which is an external URI.The policy is applied on the istio-system namespace.The moment I apply this policy and do >istioctl proxy-status The…
user2714010
  • 525
  • 1
  • 5
  • 26
1
2
3
12 13