Questions tagged [istio]

Istio is an open-source platform for managing and securing microservices

Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. Istio supports managing traffic flows between microservices, enforcing access policies, and aggregating telemetry data, all without requiring changes to the microservice code. Istio gives you:

  • Automatic load balancing for HTTP, gRPC, and TCP traffic.
  • Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection.
  • A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.
  • Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.
  • Secure service-to-service authentication with strong identity assertions between services in a cluster.


2612 questions
8
votes
1 answer

The difference between Istio's `DestinationRule` vs Kubernetes `Service`?

I just read the documentation of istio 1.0.0, especially its concept. There is one thing that I am trying to understand, especially the existence of DestinationRule. So, before using Istio, the only way to expose pods is through Kubernetes's Service…
Agung Pratama
  • 3,666
  • 7
  • 36
  • 77
8
votes
2 answers

Whitelist an IP to access deployment with Kubernetes ingress Istio

I'm trying to whitelist an IP to access a deployment inside my Kubernetes cluster. I looked for some documentation online about this, but I only found the ingress.kubernetes.io/whitelist-source-range for ingress to grant access to certain IP…
Lan
  • 709
  • 1
  • 8
  • 16
7
votes
1 answer

Istio AuthorizationPolicy with Wildcard

Does authorizationpolicy not support any wildcard pattern on paths? I have the following endpoints: /my-service/docs/active (GET) /my-service/docs//activate/ (PUT) The first one will get all active docs, and second will…
user14242404
  • 443
  • 1
  • 5
  • 16
7
votes
2 answers

Is the "hosts" attribute in VirtualService and Gateway based on HTTP's Host header (layer 7)?

If I write Gateway and VirtualService entries like below, what criteria do the hosts attributes match to determine whether an incoming request should be routed to the service? Is it the "Host" header in the HTTP request, or something…
Johntron
  • 2,443
  • 2
  • 24
  • 26
7
votes
1 answer

Kafka on kubernetes cluster with Istio

I have k8s cluster with Istio v1.6.4. The sidecar injection is disabled by default. I have Kafka cluster running on this k8s installed with strimzi kafka operator. The Kafka cluster works without any problems when kafka as well as client pods…
gkocur
  • 283
  • 2
  • 7
7
votes
3 answers

ServiceEntry vs Service and Endpoints

What are the key benefits of using ServiceEntry when I can simply create a Service (and if this service is a set of external IPs, then define Endpoints instead of a selector)? In which cases can't I rely on Service?
Belenot
  • 248
  • 1
  • 3
  • 10
7
votes
0 answers

Istio mtls misconfiguration causes inconsistent behavior

I have deployed 2 istio enabled services on a GKE cluster. istio version is 1.1.5 and GKE is on v1.15.9-gke.24 istio has been installed with global.mtls.enabled=true serviceA communicates properly serviceB apparently has TLS related issues. I spin…
pkaramol
  • 16,451
  • 43
  • 149
  • 324
7
votes
5 answers

Invalid mount config for type "bind": bind mount source path does not exist: /home/jenkins/.docker (Istio)

I try to build istio (1.6.0+) using Jenkins and get an error: docker: Error response from daemon: invalid mount config for type "bind": bind mount source path does not exist: /home/jenkins/.docker the slave contains .docker directory: 13:34:42 + ls…
kozmo
  • 4,024
  • 3
  • 30
  • 48
7
votes
1 answer

Using Gateway + VirtualService + http01 + SDS

In the document there is an example about Securing Kubernetes Ingress with Cert-Manager which is not using Gateway + VirtualService. I have tried to make it work with acme http01 but the certificate can not be issued as in log challenge I have 404…
Amir Movahedi
  • 1,802
  • 3
  • 29
  • 52
7
votes
1 answer

How to enable both Mutual TLS and gRPC TLS in Istio such that Istio can collect metrics, but gRPC considers the connection "Safe"

This is an "in principle" question as I seek to understand the way mTLS is implemented in Istio, and how it works with services that otherwise support mTLS well (such as gRPC). Consider that I have a cluster with "mtls everywhere" enabled. This…
Andrew Howden
  • 197
  • 2
  • 11
7
votes
1 answer

How istio send tracing spans to jaeger?

I want to use istio with existing jaeger tracing system in K8S, I began with installing jaeger system following the official link with cassandra as backend storage. Then installed istio by the helm way, but with only some selected components…
shizhz
  • 11,715
  • 3
  • 39
  • 49
7
votes
2 answers

Integrating Istio with AWS IAM

I'm currently exploring running an Istio / Kubernetes cluster on AWS using EKS. I would like to be able to assign a different IAM role to each service running in the cluster to limit the AWS privileges of each service. In non-Istio Kubernetes…
AEldridge
  • 111
  • 6
7
votes
2 answers

Why does istio-ingressgateway expose port 31400?

The Istio ingress gateway exposes the following ports by default: 80:31380/TCP,443:31390/TCP,31400:31400/TCP Why does it expose 31400 and map it to 31400? I can't find an explanation of this in the docs or elsewhere. Background: I'm following the…
nzkeith
  • 343
  • 2
  • 10
7
votes
2 answers

Service mesh and Async services

I am planning to introduce K8s/Istio into my infra. Right now I have plenty of services which communicate with each other using RabbitMQ. Service mesh concept seems to assume all services should be synchronous. I'd like to keep at least some of my…
arkadiy kraportov
  • 3,679
  • 4
  • 33
  • 42
7
votes
6 answers

Helm repo to install istio

I am trying to install istio. I can easily package the helm chart if I clone the repo from github but I am just wondering if there is a helm chart repo that I can use?
abelgana
  • 312
  • 2
  • 6