Questions tagged [istio]

Istio is an open-source platform for managing and securing microservices

Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. Istio supports managing traffic flows between microservices, enforcing access policies, and aggregating telemetry data, all without requiring changes to the microservice code. Istio gives you:

Automatic load balancing for HTTP, gRPC, and TCP traffic.
Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection.
A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.
Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.
Secure service-to-service authentication with strong identity assertions between services in a cluster.

Getting Started

Books

2612 questions

votes

1 answer

SSL Error: Unable to verify the first certificate

I have the ssl certificate zip file and the privatekey.key file. In total I have the certificate file .crt and another .crt with the name bundle.crt and a .pem file along with the private key with an extension .key. Now I am trying to use it to…

ssl kubernetes istio

asked Mar 09 '22 at 10:17

test test

votes

1 answer

NR filter_chain_not_found when connecting to Nodejs TLS server using istio

I created a node js TLS server, dockerized it, and created a K8S Deployment and ClusterIP service for it. I created a DNS for the LoadBalancer service external IP of istio-ingressgateway and I’m using this DNS to try access this TLS server using…

kubernetes kubernetes-ingress istio istio-sidecar istio-gateway

asked Feb 10 '22 at 13:32

Kareem Yasser

votes

2 answers

Unable to log egress traffic HTTP requests with the istio-proxy

I am following this guide. Ingress requests are getting logged. Egress traffic control is working as expected, except I am unable to log egress HTTP requests. What is missing? apiVersion: networking.istio.io/v1beta1 kind: Sidecar metadata: name:…

kubernetes istio istio-sidecar

asked Feb 07 '22 at 12:58

Jonas

4,683
4
45
81

votes

2 answers

Istio Virtualservice creation access denied

I am trying to create an Istio Virtualservice. However, I am getting the below error, despite me having the cluster-admin role bound to. UPGRADE FAILED: could not get information about the resource: virtualservices.networking.istio.io "admin-ui" is…

kubernetes istio istio-gateway istio-operator

asked Oct 26 '21 at 19:27

Vaishnav

votes

1 answer

How can I prevent Istio sidecar from shutting down before my service has finished gracefully terminating?

We have a service that needs to run a few longer SQL queries when it shuts down. However, when the pod receives a SIGTERM from Kubernetes, the istio proxy container waits only 5s prior to shutting down. This causes our queries to fail and the…

istio

asked Sep 09 '21 at 12:26

Jesse Bye

votes

0 answers

Istio Proxies unable to communicate with istiod

Some of our istio proxies are getting authentication errors trying to talk to istiod warn sds failed to warm certificate: failed to generate workload certificate: create certificate: rpc error: code = Unauthenticated desc = request authenticate…

amazon-web-services istio amazon-eks

asked Aug 08 '21 at 02:22

MattTheCat

votes

2 answers

Add header with EnvoyFilter does not work

I am testing istio 1.10.3 to add headers with minikube but I am not able to do so. Istio is installed in the istio-system namespaces. The namespace where the deployment is deployed is labeled with istio-injection=enabled. In the config_dump I can…

kubernetes istio envoyproxy

asked Jul 24 '21 at 02:20

Little crazy

votes

2 answers

Kubernetes postStart lifecycle always failing

Trying to solve dependency between pods using postStart lifecycle. Use case: micro service A should start after the start of micro service B. For that we have added one container (curl) which will check if dependent service is up or not using curl…

kubernetes istio istio-sidecar mtls istio-gateway

asked Jul 20 '21 at 11:58

Ankita Sawant

votes

2 answers

IstioOperator and sidecar autoinjection

How to enable sidecar injection using IstioOperator? This is my config and it is not enough for that. apiVersion: install.istio.io/v1alpha1 kind: IstioOperator metadata: name: control-plane-1-9-4 namespace: istio-system spec: components: …

istio istio-sidecar istio-operator

asked May 07 '21 at 07:18

Jonas

4,683
4
45
81

votes

3 answers

Istio on GKE in Autopilot mode

Hi there I was reviewing the GKE autopilot mode and noticed that in cluster configureation istio is disabled and I'm not able to change it. Also installation via istioctl install fail with following error error installer failed to update…

kubernetes google-cloud-platform google-kubernetes-engine istio

asked May 06 '21 at 16:26

Maciej Perliński

votes

2 answers

Istio Ingress Gateway: 404 NR route_not_found

I would like to configure an Istio ingress gateway which routes traffic to different services based on the prefix of the HTTP path. For example HTTP traffic path /myservice shall be routed to service myservice. I have created the following YAML…

http-status-code-404 kubernetes-ingress istio

asked Apr 17 '21 at 11:40

Alexander

votes

1 answer

Configure istio destination rule to use a fallback URL instead of 503

I understand you can use istio to open a circuit breaker when service isn't responding. Instead of return back a 503, is it possible to redirect to a different URL? Same question but when the original service returns back a 500, can we redirect…

istio istio-sidecar

asked Jan 27 '21 at 20:37

user1195970

votes

2 answers

Kubernetes - is Service Mesh a must?

Recently I have built several microservices within a k8s cluster with Nginx ingress controller and they are working normally. When dealing with communications among microservices, I attempted gRPC and it worked. Then I discover when microservice A…

kubernetes microservices istio linkerd servicemesh

asked Jan 27 '21 at 05:50

user3836484

votes

1 answer

Using Istio VirtualService from inside of the cluster

I can't use Kubernetes service as I need retry VirtualService feature. How can I access VirtualService from the pods? If I use VirtualService through Gateway: Pod -> Kubernetes service -> Istio Gateway -> Virtual service then for some reason…

kubernetes istio

asked Jan 08 '21 at 10:04

Jonas

4,683
4
45
81

votes

3 answers

Add Custom Header to HTTP request in Load Balancer

I have an containerized application/service deployed in openshift container platform with istio service mesh. In istio virtual service yaml, i wanted to validate if the http request is having a header(for ex: version) and with value v1. i have added…

routes openshift redhat istio servicemesh

asked Jan 01 '21 at 05:27

Nagendra Vummadi

Prev 1 2 3

…

99 100 Next