Questions tagged [istio]

Istio is an open-source platform for managing and securing microservices

Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. Istio supports managing traffic flows between microservices, enforcing access policies, and aggregating telemetry data, all without requiring changes to the microservice code. Istio gives you:

Automatic load balancing for HTTP, gRPC, and TCP traffic.
Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection.
A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.
Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.
Secure service-to-service authentication with strong identity assertions between services in a cluster.

Getting Started

Books

2612 questions

votes

0 answers

Istio Multi-Cluster Mesh Automatic Service Discovery

I have a setup Istio Multi-cluster with Multi-Primary on different networks following the link: https://istio.io/latest/docs/setup/install/multicluster/multi-primary_multi-network/ As per verification steps all seems fine. Also Step-by-step…

istio

asked Jun 23 '23 at 09:03

Soumya Parui

votes

0 answers

Getting connection_termination error on envoy sidecar on hitting GRPC endpoint

We have an application that is deployed to an eks cluster. This app is exposed to health-check on port 8080 and to a grpc endpoint on port 8888. I am successfully able to hit the health-check endpoint exposed at 8080 but on trying to run grpcurl…

grpc istio envoyproxy grpc-go istio-gateway

asked Jun 22 '23 at 17:42

esahmo

votes

0 answers

Azure Front door with istio not working when adding external hostname to virtual service

I have followed the below link to configure Azure AFD and istio. https://medium.com/microsoftazure/automating-istio-installation-on-aks-with-terraform-and-securing-traffic-with-azure-front-door-cb9a3735c399 I was able to access the service if I add…

azure-aks istio azure-front-door

asked Jun 22 '23 at 14:30

DevIn

votes

0 answers

Mirroring traffic of specific endpoints

I am trying to put in place a traffic mirroring using VirtualService from my-service to my-service-mirror. I'd like to mirror ONLY traffic going through specific endpoints of my-service (path prefix cars that I defined in my Controller class :…

kubernetes istio

asked Jun 22 '23 at 10:43

ah_ben

votes

1 answer

Advice on Istio K8sObjectOverlay.PathValue for Pod Spec Labels

I popped this on the Istio forums too but thought might have better luck here. We’re currently using Istio on our AKS Cluster with a Pod Identity binding on our ingress gateways and we’re looking to move this across to using Azure Workload Identity…

istio

asked Jun 22 '23 at 08:07

RobCSW

votes

2 answers

mTLS from Istio Gateway to upstream workload not working

I am unable to get mTLS working between an Istio Gateway and a workload within my mesh. I get the following error when calling from the Istio Gateway to the target service: curl http://target-service.default curl: (56) Recv failure: Connection reset…

istio istio-gateway istio-sidecar

asked Jun 21 '23 at 18:06

Ryan Pagel

votes

0 answers

How to set subset in istios EnvoyFilter based on a Header

I try to route traffic to different subsets of my service but I cannot use VirtualService as I need to handle the wildcard hostname *.my-namespace.svc.cluster.local. That's because there are different dynamic services in the namespace that all route…

istio envoyproxy servicemesh

asked Jun 21 '23 at 12:43

Jnt0r

votes

1 answer

Forward the Chain on Istio EnvoyFilter x-forwarded-client-cert

Anyone can help me, how we can write an Istio EnvoyFilter with mode:SIMPLE using that can add to headers the chain in x-forwarded-client-cert ? I can see the x-forwarded-client-cert with client cert but not the chain "x-forwarded-proto":…

istio envoyproxy istio-gateway istio-sidecar

asked Jun 20 '23 at 11:29

wael mashal

votes

0 answers

send the request to the random pods

looking for an idea to randomize the request routing, In our Kubernetes setup we have the request routing setup: azure DNS and LB => Istio ingress LoadBalancer (configured on 8444) for TCP ==> Istio gw (configured on 8444) for TCP => Istio…

azure-aks istio kubernetes-service

asked Jun 20 '23 at 08:45

kushal agrawal

votes

0 answers

OPA & Istio - create basic example with different image?

This quick start is awesome - works great and gives a good example of using OPA and Istio: https://www.openpolicyagent.org/docs/latest/envoy-tutorial-istio/ If I use the same steps but instead copy the quick_start.yaml and just change the image and…

kubernetes istio opa

asked Jun 16 '23 at 16:22

Mario

3,405
6
38
48

votes

0 answers

Does AWS ALB pass through, alter, or drop the x-b3-traceID?

Scenario I have an AWS ALB that routes like this: ALB > Ingress > Istio ingress-gateway > all-the-things I am seeing the x-b3-traceid in the ALB access logs, and in the WAF logs, as what I expect it to be, coming in from an outside request. I then…

amazon-web-services networking istio aws-application-load-balancer

asked Jun 15 '23 at 18:47

bmoody

votes

1 answer

Query on Istio Authorization Policy

Do we need to have Istio sidecar proxy containers running alongside the application pod for Istio Authorization Policy to work as expected? Do we have any Istio docs around this? I tried running my application without sidecars and the authorisation…

kubernetes openshift istio istio-sidecar servicemesh

asked Jun 14 '23 at 09:43

Chandra Sekar

votes

1 answer

How to access regular Kubernetes Service from inside Istio Mesh

I have a Service "service1" in Namespace "a" which is part of the Istio Servicemesh and has both REGISTRY_ONLY configured in the Sidecar as well as Strict mTLS configured in the PeerAuthentication. Inside the Cluster there exists another ClusterIP…

openshift istio

asked Jun 13 '23 at 07:30

TechnicianLP

votes

1 answer

AuthorizationPolicy configuration issue: JWT authentication not working within specified namespace

I'm currently facing an issue with the Istio AuthorizationPolicy configuration for JWT authentication. Our goal is to enable JWT authentication for traffic originating from outside the namespace, while allowing requests within the namespace to…

kubernetes istio istio-gateway kubernetes-security istio-operator

asked Jun 12 '23 at 08:40

suman sourav

votes

0 answers

Accessing Service using Istio fails with 503 when under load

I am load testing my service (using jMeter). The service works just fine when accessed normally (ie via Swagger). But when I load test it, it will start giving me 503 responses say "Service Unavailable". But when I load test using IIS, I don't get…

istio

asked Jun 09 '23 at 18:03

Vaccano

78,325
149
468
850

Prev 1 2 3

…

99 100 Next