Stack Overflow
Stack Overflow

Questions tagged [istio]

Istio is an open-source platform for managing and securing microservices

Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. Istio supports managing traffic flows between microservices, enforcing access policies, and aggregating telemetry data, all without requiring changes to the microservice code. Istio gives you:

  • Automatic load balancing for HTTP, gRPC, and TCP traffic.
  • Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection.
  • A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.
  • Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.
  • Secure service-to-service authentication with strong identity assertions between services in a cluster.

enter image description here

Getting Started

Books

2612 questions
4
votes
1 answer

Istio: How to redirect to HTTPS except for /.well-known/acme-challenge

I want the traffic thar comes to my cluster as HTTP to be redirected to HTTPS. However, the cluster receives requests from hundreds of domains that change dinamically (creating new certs with cert-manager). So I want the redirect to happen only when…
g_lasso
  • 141
  • 8
4
votes
1 answer

How to deal with breaking changes in a Service Mesh

I'm building an example microservice application with Kubernetes to find out the best practices and some patterns for future projects. I'm using Istio as a Service Mesh to handle east-west traffic and I have a basic understanding of the concepts…
Simon
  • 1,244
  • 8
  • 21
4
votes
1 answer

How health check of Kubernetes work with Istio?

I am doing with k8s and Istio as service meshing. I wonder what if pod in a service A is not ready(Readiness is unhealthy), How Istio will treat this pod? Is there way i can config rule of load balance(Load balance at L3/L4 layer)?
Blind
  • 99
  • 1
  • 11
4
votes
0 answers

istio failover in the same cluster cross different namespaces

we can do istio multicluster failover using outlier detection with shared control plane with https://istio.io/latest/docs/setup/install/multicluster/shared/, so we have the exactly same service running in two clusters, if one fails, it will switch…
Cai Elvis
  • 71
  • 2
4
votes
1 answer

Istio configuration for websites with static content (in particular kubevious UI)

I'm trying to configure istio VirtualService so that I can open the kubevious dashboard (https://github.com/kubevious/kubevious) through it. I have the following setup: resource "kubernetes_manifest" "kubevious" { provider = kubernetes-alpha …
Blink
  • 1,408
  • 13
  • 21
4
votes
2 answers

Unable to open Istio ingress-gateway for gRPC

This question is about my inability to connect a gRPC client to a gRPC service hosted in Kubernetes (AWS EKS), with an Istio ingress gateway. On the kubernetes side: I have a container with a Go process listening on port 8081 for gRPC. The port is…
mipnw
  • 2,135
  • 2
  • 20
  • 46
4
votes
1 answer

Keycloak Kubernetes 401 Unauthorized

I have a keycloak server and a spring boot app running on Kubernetes cluster and I'm facing 2 scenarios the first one is working and the other one I'm getting 401 Unauthorized. First scenario: Enter a test container with kubectl exec command inside…
Kamèl Romdhani
  • 342
  • 1
  • 9
4
votes
2 answers

How to access 3rd-party Custom Resource Definition?

I am working on Opersator-SDK. In my operator controller, I try to create an Istio Custom resource -- virtualservices. The definition of virtualservices looks like as following: kind: CustomResourceDefinition apiVersion:…
Joe
  • 307
  • 1
  • 11
4
votes
1 answer

Can istio invoke lambda functions?

I have some external services running on AWS with lambda and API gateway I'm using istio and i've configure a service entry to api gateway and it works. I'm wondering if i can use envoy filter in istio to invoke the lambda function directly like on…
user1398932
  • 53
  • 5
4
votes
1 answer

Expose grafana publicly using istio

We are using Prometheus operator and we need to expose Grafana publicly (outside) using istio, https://github.com/helm/charts/tree/master/stable/prometheus-operator Normally when I have application which I need to expose publicly with istio, I…
PJEM
  • 557
  • 7
  • 33
4
votes
0 answers

Envoy Filter with a Lua script to fetch data from other API

I've got a Envoy Filter in which I add a header to every HTTP request. The header's value comes from API. Let's assume two configurations of the filter. In the configuration below I added a hardcoded version of my header. It was checked in the logs…
uiguyf ufdiutd
  • 142
  • 1
  • 10
4
votes
1 answer

Istio envoy proxy request loop causing OOM

I have an interesting problem. I think I've found an infinite request loop that's causing my istio-proxy to crash with an OOM error in a specific circumstance. When I submit the request locally to the app directly from inside the application…
blankenshipz
  • 365
  • 2
  • 10
4
votes
2 answers

Is there a way to prevent envoy from adding specific headers?

According to the docs here https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-proto Envoy proxy adds the Header X-Forwarded-Proto to the request, for some reason the header value is wrong; it set it as…
yakout
  • 782
  • 3
  • 9
  • 24
4
votes
2 answers

Kubectl tls patch returning “not patched”

I am trying to patch istio-ingressgateway service with ACM by the following kubectl -n istio-system patch service istio-ingressgateway -p "$(cat<
Akash Verma
  • 89
  • 5
4
votes
4 answers

Failing to establish mqtt connection to VerneMQ cluster in k8s behind Istio proxy

I'm setting up k8s on-prem k8s cluster. For tests I use single-node cluster on vm set up with kubeadm. My requirements include running MQTT cluster (vernemq) in k8s with external access via Ingress (istio). Without deploying ingress, I can connect…
Artsiom the Brave
  • 192
  • 2
  • 10
1 2 3
99 100