Questions tagged [istio]

Istio is an open-source platform for managing and securing microservices

Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. Istio supports managing traffic flows between microservices, enforcing access policies, and aggregating telemetry data, all without requiring changes to the microservice code. Istio gives you:

Automatic load balancing for HTTP, gRPC, and TCP traffic.
Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection.
A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.
Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.
Secure service-to-service authentication with strong identity assertions between services in a cluster.

Getting Started

Books

2612 questions

votes

4 answers

Suddenly getting "Unable to connect to the server: net/http: TLS handshake timeout" from kubectl

My vanilla kubernetes cluster running on 'Docker for Mac' was running fine without any real load. Now, I deployed a few services and istio. Now, I am getting this error: $ kubectl get pods --all-namespaces Unable to connect to the server: net/http:…

kubernetes kubectl istio

asked Jan 19 '19 at 05:45

user674669

10,681
15
72
105

votes

3 answers

Unable to setup Istio with minikube

I followed Istio's official documentation to setup Istio for sample bookinfo app with minikube. but I'm getting Unable to connect to the server: net/http: TLS handshake timeout error. these are the steps that I have followed(I have kubectl &…

kubernetes containers minikube kubernetes-helm istio

asked Nov 02 '18 at 17:08

mahendra

votes

3 answers

Starting a container/pod after running the istio-proxy

I am trying to implement a service mesh to a service with Kubernetes using Istio and Envoy. I was able to set up the service and istio-proxy but I am not able to control the order in which the container and istio-proxy are started. My container is…

kubernetes istio envoyproxy

asked Oct 22 '18 at 19:30

DoIt

3,270
9
51
103

votes

1 answer

Istio (1.0) intra ReplicaSet routing - support traffic between pods in a Kubernetes Deployment

How does Istio support IP based routing between pods in the same Service (or ReplicaSet to be more specific)? We would like to deploy a Tomcat application with replica > 1 within an Istio mesh. The app runs Infinispan, which is using JGroups to sort…

kubernetes infinispan jgroups istio envoyproxy

asked Oct 22 '18 at 08:20

Robert Gartman

votes

2 answers

Is there a way to configure Istio to route traffic to a POD which is in the terminating state?

I have a Kubernetes cluster with two services deployed: SvcA and SvcB - both in the service mesh. SvcA is backed by a single Pod, SvcA_P1. The application in SvcA_P1 exposes a PreStop HTTP hook. When performing a "kubectl drain" command on the…

kubernetes istio

asked Oct 09 '18 at 21:22

T. Sandgren

votes

3 answers

Istio to allow all egress traffic

How do you allow all outbound traffic with Istio? I tried the following: Disable the egress gateway and bypass the sidecar with --set global.proxy.includeIPRanges="0.0.0.0/0\,0.0.0.0/0" None of the options work, worth to mention I'm using…

kubernetes istio outbound

asked Oct 06 '18 at 20:06

user399256

votes

2 answers

istio routing between two pods

trying to get into istio on kubernetes but it seems i am missing either some fundamentals, or i am doing things back to front. I am quite experienced in kubernetes, but istio and its virtualservice confuses me a bit. I created 2 deployments…

kubernetes istio

asked Aug 30 '18 at 13:19

sapien99

votes

2 answers

How do you create custom error pages for Istio loadbalancer in kubernetes

I cant seem to find/understand how to change the default error landing pages for the Istio loadbalancer in kubernetes. For example the 503 "No healthy upstream" page. Is it possible to change these in Istio? If so how would I go about doing it?…

istio

asked Jun 07 '18 at 09:45

Staffan.S

votes

0 answers

Can this work - Google Cloud Endpoints as API Management layer and Istio as Service Mesh on Kubernetes (GKE)

We would like to use Kubernetes for Microservices and Google Cloud Endpoints as API Management layer. If I understand well, to have Google Cloud Endpoints functionality we need to have a sidecar or proxy for the real microservice. (image:…

kubernetes cloud google-cloud-endpoints google-kubernetes-engine istio

asked May 05 '18 at 11:49

Govinda Attal

votes

1 answer

Istio mTLS flow

I am little confused about the mTLS flow of istio. In the bookinginfo example, I see that services are doing calls over http instead of https. If there is mTLS between services then service make http calls? Can it be that HTTP from service goes to…

istio envoyproxy

asked Mar 10 '18 at 21:56

user1138406

votes

1 answer

Communicating with Redis server from a container behind Envoy

I have deployed envoy containers as part of an Istio deployment over k8s. Each Envoy proxy container is installed as a "sidecar" next to the app container within the k8s's pod. I'm able to initiate HTTP traffic from within the application, but when…

http tcp kubernetes istio envoyproxy

asked Aug 29 '17 at 10:43

Zvika

votes

0 answers

Envoy based header to metadata filtering regex not working

My use case is to remove query parameters from the path so the envoy ISTIO filter can filter on the basis of just APIs. I am using the below configuration it is a filtering route but also takes query parameters in the path not truncating it. The…

istio rate-limiting envoyproxy istio-gateway

asked Nov 09 '22 at 15:15

NecessaryDevil

votes

1 answer

Kong with AWS Application Load Balancer

I was trying to create an alb-ingress-controller and point to kong-proxy. Since kong controller supports only classic loadbalancer and network loadbalancer I followed all the mentioned steps from…

istio kong istio-gateway servicemesh kong-ingress

asked Jun 22 '22 at 12:24

VINAY KUMAR RT

votes

1 answer

modify Istio access log format with json output

How to modify istio meshconfig access log format when the output accessLogEncoding set to JSON, changing the format as describe on the docs didn't work. spec: meshConfig: accessLogFile: /dev/stdout accessLogEncoding: JSON …

kubernetes istio

asked Apr 26 '22 at 10:54

Maoz Zadok

4,871
3
33
43

votes

1 answer

Getting "rpc error: code = Unavailable desc = error reading from server: EOF" when trying to create a new etcdv3 client

I'm trying to access my ETCD database from a K8s controller, but getting rpc error/EOF when trying to open ETCD client. My setup: ETCD service is deployed in my K8s cluster and included in my Istio service mesh (its DNS record:…

go kubernetes grpc istio etcd

asked Mar 17 '22 at 08:45

magnes

Prev 1 2 3

…

99 100 Next