Questions tagged [istio-sidecar]

196 questions
1 vote, 1 answer

Why is My TCP Istio EnvoyFilter Not Working?

I am trying to set TCP idleTimeout via an Envoy Filter, so that outbound connections to external domain some.app.com will be terminated if they are idle for 5s: apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name:…
bakadevops
1 vote, 2 answers

How to access the prometheus & grafana via Istio ingress gateway? I have installed the prometheus and grafana through Helm

I used below command to bring up the pod: kubectl create deployment grafana --image=docker.io/grafana/grafana:5.4.3 -n monitoring Then I used below command to create ClusterIP: kubectl expose deployment grafana --type=ClusterIP --port=80…
1 vote, 1 answer

Configure istio for both tls and MTLS

I have a Kubernetes app and I'm having the istio sidecar set up. Is it possible to configure istio MTLS for a subset of APIs and others with simple TLS?
Ani
1 vote, 1 answer

ext_authz cluster 'x' does not exist

I'm trying to use istio for jwt verification. I have an app with label app=auth-verify running on port 3000, which has 1 endpoint /auth which will check the Authorization header. The main app has label app=backend expects the auth-verify app to…
AshanPerera
1 vote, 1 answer

How to exclude istio's side-car container logs from fluentbit

I need to exclude the logs generated by istio's sidecar from fluentbit. In the official documentation the only thing I managed to find regarding excluding logs from the fluentbit was an annotation in the metadata section I don't think will fit in…
1 vote, 1 answer

Https request to certain url is not working (ssl:wrong_version_number Error)

My platform version: AWS EKS 1.18 istio 1.7.3 Hi, I have a problem when requesting via https. When I try to connect to "https://kinesis.ap-northeast-2.amazonaws.com" on ssl, I get ssl3_get_record:wrong version number error. However, SSL requests…
mjkim
1 vote, 0 answers

gRPC connection between two different meshes is reset

I have two different clusters (EKS, v1.18) with their own meshes (v1.9.0). I have a Thanos deployment on cluster A and a Prometheus deployment on cluster B (with the thanos sidecar running too). The goal is to have thanos query these sidecars in…
Kevin Mai
1 vote, 1 answer

Is there a way to run Istio sidecar within virtual-node on azure?

I have an AKS cluster on Azure with virtual-nodes enabled (virtual-kubelet/azure-aci v1.3.2) and it works OK (a little flakey, but does mostly work). My problem is that as soon as I enable istio side car injection on any deployment I want to run on…
AndyMoose
1 vote, 1 answer

istio-ingressgateway LoadBalancer showing "Pending" in AWS EKS

I have installed a private EKS cluster where subnets attached are private subnet. What my requirement is "Private EKS with Istio installation" and create multiple microservices and expose them within the vpc. For exposing them within VPC, I expected…
Jithin Kumar S
1 vote, 0 answers

Istio ingress gateway configuration for upstream and downstream with RBAC

Having trouble with istio ingress gateway. We configured gateway in SIMPLE tls mode for traffic coming into the mesh. But we also want istio ingress gateway to talk to application services(with istio-proxy sidecar) with mTLS. Virtual Services are…
Shadja Chaudhari
1 vote, 1 answer

gRPC Node microservice talking to another microservice in istio mesh

I've got several gRPC microservices deployed via Istio in my k8s pod behind a gateway that handles the routing for web clients. Things work great when I need to send an RPC from client (browser) to any of these services. I'm now at the point where…
codedread
1 vote, 1 answer

Istio Request Authentication - getting Cors with result 404

This is my requestauthentication, apiVersion: security.istio.io/v1beta1 kind: RequestAuthentication metadata: name:prod-authenticator namespace: prod spec: selector: matchLabels: istio: ingressgateway jwtRules: - issuer:…
Jithin Kumar S
1 vote, 0 answers

TLS origination from sidecar proxy failing with error [TLS error: 268436576:SSL routines:OPENSSL_internal:]

I am trying to initiate a mTLS connection directly from the sidecar proxy container to the external service without any egress gateway. My current config looks something like below. As you can see, I'm trying to upgrade the http requests to https…
PDP
1 vote, 1 answer

Istio Primary Remote, Different Network. Setting Remote pilot address (in cluster 2) is bind to port 15012 (for xDs)

I am following this guide for primary remote setup on different network. https://istio.io/latest/docs/setup/install/multicluster/primary-remote_multi-network/ Instead of using the load balancer on primary to expose the istiod, I am trying to use…
1 vote, 0 answers

Not able to access admin console of keycloak

Problem - Not able to access admin console of keycloak Environment: Kubernetes with istio proxy (Basically Reverse Proxy Environment) keycloak running on http and ssl is terminated at istio gateway Please help us to solve this issue.