Stack Overflow
Stack Overflow

Questions tagged [istio-sidecar]

196 questions
1
vote
1 answer

Istio VirtualService not used in k8s Service

Hi I'm very newby in Istio/K8s, and I'm trying to make a service that I have test-service to use a new VirtualService that I've created. Here the steps that I did kubectl config set-context --current --namespace my-namespace I create my…
paul
  • 12,873
  • 23
  • 91
  • 153
1
vote
1 answer

Istio routing to chaos testing

I'm reading traffic management documentation and also use Istio for chaos testing. I know we can use some headers value to routing traffic for AB testing, but what I would like to know is if I can do the same to return an error in one service or…
paul
  • 12,873
  • 23
  • 91
  • 153
1
vote
1 answer

Do pods of the same deployment share the same certificate when using Istio mTLS

When enabling mTLS in Istio, every pod of a given deployment has a certificate. My question is: do pods of the same deployment share the same certificate or it's different for every pod?
mark009
  • 33
  • 4
1
vote
0 answers

Isito - Enable/disable envoy external auth http filter per route

I am trying to apply ext authz filter per route for my app but it is failing. Below are the filter configuration step-1. Applied below configuration for the app and all the request are passing filter fine but i want the filter to disabled for…
jagannath K
  • 11
  • 2
1
vote
1 answer

Is it possible to use RequestAuthentication and AuthenticationPolicy for microservice to microservice communication

We have recently setup istio on our kubernetes cluster and are trying to see if we can use RequestAuthentication and AuthenticationPolicy to enable us to only allow a pod in namespace x to communicate with a pod in namespace y when it has a valid…
gdix0n
  • 214
  • 3
  • 13
1
vote
0 answers

how to use hcm filter in envoy filter?

guys! i want to distribute flow in egress by using hcm, such as www.xxx.com:8000(sidecar) -> clusterA(egress) www.yyy.com:8000(sidecar) -> clusterB(egress) rest request (sidecar) -> original process(egress) the match request can be routed…
KernelPanic
  • 11
  • 1
1
vote
0 answers

Use the default profile to install istio-1.5.0 on k8s-1.15, the istio-proxy meet the istio-token pemission denied problem

The istio-1.5.0 install with default profile on k8s-1.15, the istiod does fail to startup. Because the access permission of istio-token is wrong, check the istiod, the permission of istio-token file is istio-proxy, but there is no read and write…
Jared
  • 11
  • 1
1
vote
0 answers

Unmarshal nested GRPC structure in go

We want to unmarshal (in golang) a GRPC message and transform it into a map[string]interface{} to further process it. After using this code: err := ptypes.UnmarshalAny(resource, config) configMarshal, err := json.Marshal(config) var configInterface…
c m adam
  • 11
  • 3
1
vote
1 answer

SSL certificate verification error on outgoing cluster traffic

Bug Description My cluster uses Istio and one of service (java) which is deployed in mesh needs to connect to external resource x.cmp.net/doc.pdf with http and 443 port. This external resource using trusted wildcard cert (DigiCert) with subjects…
lukisp
  • 1,031
  • 3
  • 14
  • 27
1
vote
1 answer

How to set the istio sidecar lifecycle

How can I configure something so that the injected istio sidecar uses the recent kubernetes container lifecycle of sidecar? The sidecar lifecycle is discussed here and here. More specifically is there an annotation similar to…
user2133814
  • 2,431
  • 1
  • 24
  • 34
1
vote
1 answer

envoy lua filter - authorization header to envoy_on_response() method

I have a envoy lua filter to intercept upstream response and call a external api from the lua filter's "envoy_on_response" method. I need request_handle's "authorization" value inside envoy_on_response()" coroutine and pass it to external api call.…
sriba
  • 745
  • 1
  • 6
  • 13
1
vote
1 answer

how to upgrade Istio in AKS from version 1.7 to 1.8

I am very new to ISTIO and would like to get clarified with my following doubts. Details Current AKS version 1.18.14 planning upgrade to AKS 1.19.11 Current istio version 1.7 Planning upgrade to 1.8 We are planning to upgrade Istio version from…
Vowneee
  • 956
  • 10
  • 33
1
vote
0 answers

I wan to modify the http response code and the body from Istio ingress

I have currently written below auth manifest for Istio. kind: RequestAuthentication metadata: name: "jwt-validation" namespace: some-namespace spec: selector: matchLabels: auth: required jwtRules: - issuer: "https://you.auth0.com/" …
Samir Parhi
  • 41
  • 6
1
vote
1 answer

Istio Init Containers do not work with Pod Security Policies

I am running AWS EKS 1.16 with Istio Service Mesh 1.8.6. I have applied a Pod Security Policy where I am denying Privileged Containers, Running as Root and Privilege Escalation and am allowing NET_RAW and NET_ADMIN capabilities as Istio init…
YYashwanth
  • 670
  • 1
  • 6
  • 14
1
vote
1 answer

envoy filter to intercept upstream response

I have written the ext_authz filter for envoy and have basic understanding of how envoy filters done. But now I want to filter the response coming back from the upstream. Specifically, I want to handle two things: Intercept data/jsonBody coming…
sriba
  • 745
  • 1
  • 6
  • 13
1 2 3
12 13