Questions tagged [istio]

Istio is an open-source platform for managing and securing microservices

Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. Istio supports managing traffic flows between microservices, enforcing access policies, and aggregating telemetry data, all without requiring changes to the microservice code. Istio gives you:

Automatic load balancing for HTTP, gRPC, and TCP traffic.
Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection.
A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.
Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.
Secure service-to-service authentication with strong identity assertions between services in a cluster.

Getting Started

Books

2612 questions

votes

0 answers

Istio Multi primary in different network is not working

i have 2 clusters deployed each one in VM. i have configured service mesh connection through istio official documentation. at th end i get this result. while true; do kubectl exec --context="${CTX_CLUSTER1}" -n sample -c sleep "$(kubectl get pod…

istio servicemesh

asked Mar 23 '23 at 16:19

Omar Trigui

votes

0 answers

Does EnvoyFilter support TLS local rate limit?

We are using istio for local rate limit, Our service is TLS enabled. Can we do local rate-limit this service using EnvoyFilter?

istio envoyproxy istio-gateway istio-sidecar

asked Mar 23 '23 at 14:37

ajeyprasad

votes

0 answers

One control plane for multiple service-mesh

I need your advice on the best strategy when it comes to implementing Istio service mesh. We have multiple Kubernetes clusters and while reading through the istio documentation, I came across a section where it mentions that we can have multiple…

istio

asked Mar 21 '23 at 12:30

Watts

votes

1 answer

ConnectionResetError (104, 'Connection reset by peer) in kserve?

I have A Hugging face model https://huggingface.co/TahaDouaji/detr-doc-table-detection in Torch serve it is working fine when I deployed it in locally. I tried to deploy the model in kserve as DockerImage. Pods are running fine without any error i…

istio huggingface-transformers knative knative-serving kubeflow-kserve

asked Mar 20 '23 at 07:58

sairanjith vankayalapati

votes

1 answer

How do you add reporter label to istio custom metrics with IstioOperator

I created custom metrics with IstioOperator as such (example only in inboundSidecar, but I also add it for outboundSidecar and Gateway) telemetry: v2: prometheus: configOverride: inboundSidecar: …

prometheus metrics istio envoyproxy istio-sidecar

asked Mar 20 '23 at 06:16

Isa A

1,342
13
31

votes

2 answers

Expose multiple microservices with same host without LB

I have a 'UI' and an 'API' microservice that I'm deploying on k8s default namespace with Istio enabled. My k8s environment is a dev box and doesn't have an External Load Balancer. The UI's port configuration is 80(service port):80(container port in…

kubernetes microservices istio istio-gateway

asked Mar 17 '23 at 14:42

user1452759

8,810
15
42
58

votes

1 answer

Use Trino in an Istio Service Mesh, nodes cannot reach each other over pod ip

I have the Trino helm chart in a kubernetes namespace with labels istio-injection=enabled. Trino's clustering is configured so that workers announce themselves to the coordinator. The coordinator then arranges that all nodes in the cluster receive…

kubernetes istio trino

asked Mar 16 '23 at 14:57

wessel

votes

1 answer

Service Discovery in Istio servicemesh

We currently are using Eureka(API discovery) and Spring cloud gateway for our microservices. We plan to istio installed on to our kubernetes clusters. My question is whether Istio can be used for Service Discovery and we can do away with Eureka and…

istio

asked Mar 16 '23 at 06:32

Watts

votes

0 answers

Process custom header in istio virtual service's routing rules and target specific URL with the usage of regex capture blocks

I have a custom header test: someothervalues;host:https://test-service:443 If the value of the test header contains the test word I want to find out a way to route the request to https://test-service:443 in my istio Virtual Service. I know that I…

regex yaml istio

asked Mar 15 '23 at 14:22

SteveGr2015

votes

0 answers

Keycloak using Istio ingress Gateway

Hello Guys good evening. Basically I have in minikube already deploy keycloak and now I want to ingress using Istio Ingress Gateway. However I haven't been able to do it. The steps that I follow are next: Note: I'm working in a namespace called…

kubernetes keycloak istio minikube

asked Mar 14 '23 at 17:35

Nicolas

votes

0 answers

Istio mTLS make the service unavailable (503)

I am trying to implement Istio mTLS migration in my kubernetes cluster. The problem is, when I create the "PeerAuthentication" manifest with the option "STRICT" to enforce encrypted traffic it makes my backend service unavailable (503). With…

ibm-cloud istio

asked Mar 13 '23 at 11:04

HyperionX

votes

1 answer

Deployment/istio-system/istiod (container failed to start: ImagePullBackOff: Back-off pulling image

Istiod and Ingressgw not installing when installing isito on a minikube cluster on WSL 2. I installed minikube to use containerd. Seeing the following errors when describing istiod pod. #istioctl install This will install the Istio 1.16.1 default…

kubernetes windows-subsystem-for-linux istio

asked Mar 13 '23 at 06:31

user21387093

votes

0 answers

Configuration istio for block one of api service

I try to configure istio to block one of API for my app.I'm trying to do it with Virtual services by redirect to another url.I want to redirect all users from app/# to app/services . I try to configurate it like this But my configuration not working…

kubernetes https request openshift istio

asked Mar 09 '23 at 09:17

Mankasss

votes

1 answer

Kubeflow+Istio+cert-manager http-01 challenge propagation: wrong status code '404', expected '200'

I'm trying ssl secure kubeflow v1.6 deployment on AKS. The deployment uses Cert-manager v1.10.1 and Istio v1.16.0. The acme-solver service is using port 8089, but it can't be reached from outside or inside the cluster. In simple words the request…

kubernetes azure-aks istio kubeflow cert-manager

asked Mar 08 '23 at 17:22

Mohamed Faris

votes

0 answers

Prometheus is unable to fire alerts to Alertmanager(HTTP status 503)

I'm experiencing a widespread issue with Prometheus to Alertmanager communication. Whenever an Alertmanager pod restarts, server logs 503 error to that individual pod. Other AM pods receive the alerts until they get restarted. Prometheus Version:…

prometheus istio envoyproxy prometheus-alertmanager prometheus-operator

asked Mar 07 '23 at 22:12

Kiran KH

Prev 1 2 3

…

100