Questions tagged [istio-sidecar]
196 questions
2
votes
1 answer
Liveness and Readiness probes failing in Kubernetes cluster- istio proxy sidecar injection is enabled in application
Below is the config for probes in my application helm chart
{{- if .Values.endpoint.liveness }}
livenessProbe:
httpGet:
host: localhost
path: {{ .Values.endpoint.liveness | quote }}
…

Uma Mahiswari
- 101
- 1
- 2
- 3
2
votes
2 answers
Istio: Injected pod replicas in different nodes can't communicate with istio
Using Istio 1.9.2
kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-d0 Ready control-plane,master 7d2h v1.20.5
k8s-d1 Ready 7d2h v1.20.5
k8s-d2 Ready 7d2h…

brgsousa
- 333
- 1
- 7
- 20
2
votes
0 answers
Istio1.9 integration with virtual machine (aws ec2) getting host file as empty
I have installed mysql in a VM and wanted my EKS with istio 1.9 installed to talk with them, i am following this https://istio.io/latest/docs/setup/install/virtual-machine/ but when am doing this step the host file which getting generated is empty…

Jithin Kumar S
- 701
- 2
- 9
- 20
2
votes
2 answers
Rate limit feature implementation in Istio1.9
I have done initial setup of Istio 1.9 and deploy the bookInfo application to replicate the sample provided in Istio site for rate limiting. As we have use case in our application to implement rate limiting. I am project Istio as a solution but i am…

guru
- 97
- 1
- 8
2
votes
1 answer
Disable Istio default retry strategy (at least on POST requests)
I have an application (microservices-based) running on kubernets with Istio 1.7.4
The microservices has its own mechanisms of transaction compensation on integration failures.
But Istio is retrying requests, when some integrations has 503 status…

Samuel de Oliveira Marques
- 54
- 1
- 4
2
votes
0 answers
Istio: Health check / sidecar fails when I enable the JWT RequestAuthentication
OBSOLETE:
I keep this post for further reference, but you can check better diagnose (not solved yet, but workarounded) in
Istio: RequestAuthentication jwksUri does not resolve internal services names
UPDATE:
In Istio log we see the next error. uaa…

Sourcerer
- 1,891
- 1
- 19
- 32
2
votes
3 answers
Istio and Hashicorpt Vault agent Sidecar not working properly
I am using on-prem k8s v1.19 and Istio with 1.8.0.. I got stuck to run them together properly when I inject istio mesh to the hub-dev where our microservices are running. Vault is running dev namespace.
The first issue I had is Vault and Istio…

semural
- 3,583
- 8
- 37
- 67
1
vote
1 answer
An alternative way to deal with Istio CNI daemonset's 'race condition' issue for my standalone pods?
I have a Kubernetes cluster setup with a cluster autoscaler, and I'm trying to get Istio behaving properly on this cluster.
In my setup, I'm stuck with a few things:
There are standalone pods that get scheduled on my nodes (not under any…

Pranav Bhatt
- 125
- 1
- 11
1
vote
0 answers
istio 1.17 SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted
created ssl certificate and imported into istio gateway and virtual service up and running fine. while accessing with curl from ingressateway ip it showing error.
curl…

Sridharan r.g
- 41
- 2
1
vote
0 answers
How to fix keycloak production system running into istio-proxy healthcheck issue with error 500 and routing is not working as expected?
I deployed keycloak to our k8s cluster, with the production start option, but the istio healthchecks and the routing from the virtualservices are running into issues with the specified port. The port the keycloak should be working on is 8443, when…

belony
- 21
- 2
1
vote
0 answers
how to write an envoy filter to allow http version 1.0 into the kubernetes cluster
curl response>> HTTP/1.1 426 Upgrade Required
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: http10-filter
spec:
workloadSelector:
labels:
istio: ingress
configPatches:
- applyTo: NETWORK_FILTER
…

Chethan Chowdary
- 11
- 2
1
vote
0 answers
Destination Rule does not seem to work for internal service calls with istio
I have 2 services with DestinationRule enabled in both the services. I have been able to achieve session affinity for external calls to the services individually. When I try to perform an internal call from Service A to Service B, the…

Vaibhav
- 507
- 2
- 4
- 20
1
vote
0 answers
Istio - How to differentiate between normal call and retried call?
I have ISTIO Access logging enabled.
If a service A calls service B, and if Service B returns say 5xx, then istio from service A will retry the call.
This will result in 2 access logs, one for the first call and one for the retried call.
How can I…

Jerald Baker
- 1,121
- 1
- 12
- 48
1
vote
1 answer
Does all Knative traffic have to route through Master node?
My question: Is all traffic from users to Knative service/pod must traverse through Master node?
For example: I, as a customer from outside of the cluster, create a curl request to a service (pod HelloWorld), then is it true that my request and the…

KenNG
- 11
- 1
1
vote
0 answers
Istio installation failed with windows node as worker
I have created a kubernetes cluster with CentOS7 as master node and a windows as worker. I am not able to install istio using master.
✔ Istio core installed
✘ Istiod encountered an error: failed to wait for resource: resources not ready after 5m0s:…

Ajin Pradeep
- 41
- 3