Questions tagged [istio-sidecar]

196 questions
1
vote
1 answer

hosting multiple web apps using the istio ingress gateway

We are using istio as a service mesh to secure our cluster. We have several web applications exposed through the ingress gateway as follows ingress-gateway-id:80/app1/, ingress-gateway-id:80/app2/ and ingress-gateway-id:80/app3/. We have a gateway…
1
vote
1 answer

ISTIO Egress gateway Flow

I have installed ISTIO with the below configuration cat << EOF | kubectl apply -f - apiVersion: install.istio.io/v1alpha1 kind: IstioOperator metadata: namespace: istio-system name: istio-control-plane spec: # Use the default profile as the…
One Developer
1
vote
2 answers

Azure Kubernetes - Istio Egress not working

I have used the following configuration to setup the Istio cat << EOF | kubectl apply -f - apiVersion: install.istio.io/v1alpha1 kind: IstioOperator metadata: namespace: istio-system name: istio-control-plane spec: # Use the default profile as…
One Developer
0
votes
0 answers

Not getting response body with istio header based routing

I am looking to configure header based routing using virtual service and destination rule. Below is the config. apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: direct-cnn-through-egress-gateway namespace:…
0
votes
0 answers

How Istio redirects traffic and present certificate for authentication

We have two pods, say A and B, both in the same namespace with Istio injected. Now pod A wants to authenticate itself to pod B using an x509 certificate. From pod A, in the curl command, if we provide the https in URL and certificate provided explicitly…
0
votes
0 answers

Authenticator KubeJWTAuthenticator at index n got error:

We have a vanilla Kubernetes cluster on AWS which has our deployments running. The pods are configured with Istio and we haven't faced any issue all these years. All of a sudden, since a few hours, we started seeing this error being thrown from one…
deDishari
0
votes
0 answers

istio sidecar proxy pass header from service a to service b

I have a service-A that receives a header "Authorization" I want to pass this header for outbound calls to service-B. I set up an EnvoyFilter but the header is never added. apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name:…
slik
0
votes
1 answer

Can istio exclude POD from the load balancing by latency?

I have two services (A and B for example) that communicate with each other via GRPC and work in an OpenShift cluster. I want to exclude sick pods from balancing by response time. For example, if the response time of service B is set to more than…
0
votes
0 answers

"UO" outlier detection flag in istio_requests_total metric is missing, but see a flag with "-"

I have a weird issue when trying to check the circuit breaker metric. The query I used is sum(istio_requests_total{response_code="503",response_flags="-",reporter="destination"}) by (pod_name,source_app, response_flags,…
0
votes
1 answer

Istio mTLS Clarification

I am a newbie with Istio. Recently I read from other Stack Overflow posts that communication between the Istio sidecar and the main container is not encrypted. However, in a scenario where I am performing a TLS passthrough in Istio at the…
0
votes
0 answers

failed to call webhook: Post[https://istiod.istio-system.svc:443/validate?timeout=30s] validate?timeout=30s

I am unable to create virtual service or a serviceaccount in my GKE environment. My current istio version is istio-1.16.2. kubectl apply -f vs.yml Error from server (InternalError): error when creating “vs.yml”: Internal error occurred: failed…
0
votes
0 answers

How to Enforce outbound traffic of istio-enabled namespace over a consistent IP in IKS?

I have my application deployed in an istio-enabled namespace in IKS. I have an egress-gateway service available in the 'istio-system' namespace with an external IP. How to enforce egress traffic over this external IP of egress-gateway for an istio-enabled namespace?…
0
votes
2 answers

mTLS from Istio Gateway to upstream workload not working

I am unable to get mTLS working between an Istio Gateway and a workload within my mesh. I get the following error when calling from the Istio Gateway to the target service: curl http://target-service.default curl: (56) Recv failure: Connection reset…
0
votes
1 answer

Forward the Chain on Istio EnvoyFilter x-forwarded-client-cert

Anyone can help me, how we can write an Istio EnvoyFilter with mode:SIMPLE using that can add to headers the chain in x-forwarded-client-cert? I can see the x-forwarded-client-cert with client cert but not the chain "x-forwarded-proto":…
0
votes
1 answer

Query on Istio Authorization Policy

Do we need to have Istio sidecar proxy containers running alongside the application pod for Istio Authorization Policy to work as expected? Do we have any Istio docs around this? I tried running my application without sidecars and the authorisation…