Questions tagged [istio]

Istio is an open-source platform for managing and securing microservices

Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. Istio supports managing traffic flows between microservices, enforcing access policies, and aggregating telemetry data, all without requiring changes to the microservice code. Istio gives you:

Automatic load balancing for HTTP, gRPC, and TCP traffic.
Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection.
A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.
Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.
Secure service-to-service authentication with strong identity assertions between services in a cluster.

Getting Started

Books

2612 questions

votes

1 answer

Accessing service using istio ingress gives 503 error when mTLS is enabled

I have a mutual TLS enabled Istio mesh. My setup is as follows A service running inside a pod (Service container + envoy) An envoy gateway which stays in front of the above service. An Istio Gateway and Virtual Service attached to this. It routes…

kubernetes istio envoyproxy

asked Jan 12 '19 at 13:53

Pasan W.

votes

2 answers

Istio Distributed Tracing shows just 1 span

I'm following this guide, with Zipkin. I have 3 microservices involed, A -> B -> C, I'm propagating headers from A to B and from B to C. But in the Zipkin dashboard I only see entries for A -> B and B -> C, not A -> B -> C. Those are the headers: [ …

kubernetes zipkin istio

asked Feb 18 '18 at 22:13

andrew

3,879
4
25
43

votes

2 answers

istio-proxy closing long running TCP connection after 1 hour

TL;DR: How can we configure istio sidecar injection/istio-proxy/envoy-proxy/istio egressgateway to allow long living (>3 hours), possibly idle, TCP connections? Some details: We're trying to perform a database migration to PostgreSQL which is being…

kubernetes tcp istio envoyproxy

asked Sep 11 '20 at 08:38

Yayotrón

1,759
16
27

votes

3 answers

How to set AWS ALB instead of ELB in Istio?

I am trying to setup ALB load balancer instead of default ELB loadbalancer in Kubernetes AWS.The loadbalancer has to be connected to the istio ingressgateway.I looked for solutions and only found one. But the istio version mentioned is V1 and there…

kubernetes devops kubernetes-ingress istio aws-application-load-balancer

asked Jun 16 '20 at 11:27

sachin

1,220
1
14
24

votes

5 answers

How to create custom istio ingress gateway controller?

Our GKE cluster is shared to multiple teams in company. Each team can have different public domain (and hence want to have different CA cert setup and also different ingress gateway controller). How to do that in Istio? All the tutorial/introduction…

kubernetes istio

asked Aug 14 '18 at 07:18

Agung Pratama

3,666
7
36
77

votes

6 answers

Setting up on ISTIO on EKS cluster using Terraform or Helm

I'm new to Terraform and Helm world! I need to set up Istio on the AWS EKS cluster. I was able to set up the EKS cluster using Terraform. I'm thinking of installing ISTIO on top of the EKS cluster using Terraform by writing terraform modules.…

kubernetes terraform kubernetes-helm istio amazon-eks

asked Mar 29 '21 at 09:15

Sweta Sharma

2,404
4
21
36

votes

1 answer

Debugging istio rate limiting handler

I'm trying to apply rate limiting on some of our internal services (inside the mesh). I used the example from the docs and generated redis rate limiting configurations that include a (redis) handler, quota instance, quota spec, quota spec binding…

redis handler istio rate-limiting amazon-eks

asked Dec 17 '19 at 16:08

Reut Sharabani

30,449
6
70
88

votes

1 answer

How to fix 'container runtime is down,PLEG is not healthy'

I have aks with one kubernetes cluster having 2 nodes. Each node has about 6-7 pod running with 2 containers for each pod. One container is my docker image and the other is created by istio for its service mesh. But after about 10 hours the nodes…

docker kubernetes istio azure-aks

asked Dec 20 '18 at 16:38

Ask

votes

1 answer

Istio and (or versus) Nginx Ingress Controller

I'am on a journey of testing Istio and at the moment I'am about to test the "canary" capabilities of routing traffic. For my test, I created a small servicemesh composed of 5 microservices (serviceA, serviceB, serviceC, serviceD, serviceE). Each one…

istio nginx-ingress

asked Aug 10 '18 at 07:01

Fred Mériot

4,157
9
33
50

votes

0 answers

Jaeger in Istio is not tracing more than 2 spans (services in nodejs)

I have 3 services A, B and C. I have written APIs which call A -> B -> C. I have installed Jaeger as given in the official documentation of Istio (https://istio.io/latest/docs/tasks/observability/distributed-tracing/jaeger/). My Jaeger dashboard is…

node.js istio jaeger

asked Sep 16 '21 at 22:30

Bhavesh

votes

1 answer

Install Istio on EKS cluster using Terraform and Helm

I'm new to Terraform and Helm world! I need to set up Istio on the AWS EKS cluster. I'm trying to install Istio on top of EKS cluster using Terraform and Helm as a provider: Below is the terraform code for the same: resource "kubernetes_namespace"…

kubernetes terraform kubernetes-helm istio amazon-eks

asked Apr 12 '21 at 11:22

Sweta Sharma

2,404
4
21
36

votes

2 answers

Random “upstream connect error or disconnect/reset before headers” between services with Istio 1.3

So, this problem is happening randomly (it seems) and between different services. For example we have a service A which needs to talk to service B, and some times we get this error, but after a while, the error goes away. And this error doesn't…

istio

asked Feb 11 '20 at 11:49

codiaf

votes

2 answers

K8S - using Prometheus to monitor another prometheus instance in secure way

I've installed Prometheus operator 0.34 (which works as expected) on cluster A (main prom) Now I want to use the federation option,I mean collect metrics from other Prometheus which is located on other K8S cluster B Secnario: have in cluster A…

security kubernetes prometheus istio prometheus-operator

asked Nov 21 '19 at 16:54

Rayn D

votes

1 answer

standard ingress for certificate management combined with istio

Currently Istio does not support a fully automated certificate procedure. The standard ingress does support this by means of cert-manager. Would it be possible to combine standard ingress configuration for certification management with istio for…

kubernetes ssl-certificate google-kubernetes-engine istio cert-manager

asked Feb 11 '19 at 12:20

musicformellons

12,283
4
51
86

votes

1 answer

How log request and response body in Istio

I'd like to log request and response body from incoming traffic to each my microservice. Is it possible in Istio (Envoy) out-of-the-box? I don't see body attribute for mapping in Mixer's EntryLog. Maybe it will be added in future version of…

microservices istio envoyproxy

asked Dec 17 '18 at 12:01

montana202

Prev 1

…

99 100 Next