Questions tagged [istio]

Istio is an open-source platform for managing and securing microservices

Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. Istio supports managing traffic flows between microservices, enforcing access policies, and aggregating telemetry data, all without requiring changes to the microservice code. Istio gives you:

Automatic load balancing for HTTP, gRPC, and TCP traffic.
Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection.
A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.
Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.
Secure service-to-service authentication with strong identity assertions between services in a cluster.

Getting Started

Books

2612 questions

votes

0 answers

istio rewrite uri with query param

I am trying to work with rewrite.uri which has query parameter. Wondering if this query param q=1 is supported ? I am getting 503. - match: - uri: prefix: /gateway/api/foo rewrite: uri: /some/svc/bar?q=1 route: -…

istio

asked Jun 06 '23 at 23:56

bhantol

9,368
7
44
81

votes

0 answers

mTLS blocks traffic in Istio Service Mesh

I really hope you can help me with a matter I am struggling for quite some time. Istio Version client version: 1.14.1 control plane version: 1.14.1 data plane version: 1.14.1 (130 proxies) Kubectl Version Client Version: version.Info{Major:"1",…

kubernetes istio istio-gateway mtls istio-sidecar

asked Jun 06 '23 at 14:47

diDaster

votes

1 answer

Enabling HTTP2 for Spring Boot with Istio microservices

We are planning to enable HTTP2 for microservice communication in a Kubernetes cluster. This microservices are built with Spring Boot 3. Since HTTP2 requires HTTPS, the problem we wanted to avoid was configuring TLS on every Spring Boot application.…

spring-boot istio http2

asked Jun 06 '23 at 11:08

codependent

23,193
31
166
308

votes

1 answer

TLS termination of Redis traffic in Istio

I've been looking at terminating TLS in Istio between the redis client and server running in the Kubernetes cluster. Essentially we have an Istio ingress gateway which handles all traffic to the cluster and I figured it might be able to terminate…

kubernetes redis tls1.2 istio termination

asked Jun 02 '23 at 14:18

PatrikJ

2,327
3
24
35

votes

1 answer

Installing istio-ingressgateway using helm into a TKG private cluster in Azure fails - does not get the IP of the existing internal load balancer

I have a TKG 2.1.1 (kubernetes version 1.24.10) cluster deployed in Azure in a private network that already has an internal load balancer provisioned (by the tanzu installer). When attempting to deploy the istio-ingressgateway, the service is stuck…

azure istio istio-gateway

asked Jun 02 '23 at 13:03

Chad Larkin

votes

1 answer

How can I configure traffic balancing for a service using Istio?

We use a headless service to balance traffic, but progers do not like this option. Installed istio, I read the documentation, but my eyes run wide. Now the task is: Balance traffic to the service, in my case:…

kubernetes istio

asked Jun 01 '23 at 10:36

Maksim

votes

0 answers

Error- error validating data: apiVersion not set

i am trying to deploy a virtual service applying my file istio-routing.yaml apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: whitelabel-v1-v2-svc-shift-ftbo namespace: whitelabel spec: hosts: -…

istio

asked May 31 '23 at 09:33

newbie

votes

1 answer

Openshift Service Mesh ServiceMeshControlPlane deployment error

I want to create ServiceMeshControlPlane but it can not be deployed as I see in logs below message: Error processing component mesh-config: error: mesh-config/templates/enable-mesh-permissive.yaml: Internal error occurred: failed calling webhook…

openshift istio servicemesh

asked May 30 '23 at 14:39

JJ36

votes

0 answers

Enabling org/user level rate limiting in K8S Istio Ingress using Envoy filter

Is there any way to configure org/user level rate limiting using K8S Istio Ingress? Currently I have rate limiting enabled at microservice level for API calls. I'm looking for the option to do it using Envoy filter. Can anyone share the way to do…

kubernetes kubernetes-ingress istio

asked May 30 '23 at 11:33

Tanu

votes

0 answers

Is it possible to connect to MongoDB from Istio proxy without allowing invalid certificates and direct connection?

I have a question regarding configuring the Istio proxy to connect to MongoDB without making any modifications to the client configuration. Currently, the client connects to MongoDB using the following connection…

mongodb ssl istio istio-gateway istio-sidecar

asked May 27 '23 at 17:05

Danil Trehshcev

votes

0 answers

How to call service outside istio mesh

I have a multi-cluster on different netwroks setup working 100%. My cluster-1 is exposing an east/west gateway, to be able to cluster-2 intercomunicate with it. My cluster-2 has also deployments outside the mesh (without istio proxy injected). How…

istio istio-gateway

asked May 26 '23 at 13:19

Beto Neto

3,962
7
47
81

votes

2 answers

Why I cant find istio gateway under namespace of istio-system or any other namespace after creating?

I have set up istio for my k8s cluster and it seems successfully working. The istioctl also works and return version 1.17.2 which is compatible with my k8s cluster. Deployment output is as follows. k8s@k8master-virtual-machine:~$ kubectl get pods -n…

kubernetes istio cert-manager istio-gateway istio-operator

asked May 25 '23 at 08:11

tauqeerahmad24

votes

2 answers

istio authorization policy not being applied to istio gateway

I have this gateway configured in GKE with a static regional IP. apiVersion: gateway.networking.k8s.io/v1beta1 kind: Gateway metadata: name: my-gateway namespace: istio-ingress spec: gatewayClassName: istio listeners: - name: http …

authorization istio policy istio-gateway

asked May 25 '23 at 03:27

Bruno Macedo

votes

0 answers

Fortify SSC Statefulset webapp pod unable to connect to statefulset fortify-msql pod in kubernetes cluster when Istio Is enabled

I am deploying MicroFocus Fortify SSC in my kubernetes cluster via a helm chart. The helm chart I am using can be found here https://repo1.dso.mil/big-bang/apps/third-party/fortify/-/tree/0.0.9-bb.2/. I am using kubernetes distribution of RKE2…

mysql devops kubernetes-helm istio fortify

asked May 24 '23 at 20:31

sunny

votes

0 answers

How is Istio's service discovery different from K8s' default service discovery?

In Kubernetes, you can implement service discovery by default using the Service resource. For example, a Pod named A can call a service named B by making a request to {SERVICE}.svc.cluster.local. But if you look at Istio's documentation, it says…

kubernetes istio

asked May 24 '23 at 06:02

River

Prev 1 2 3

…

99 100 Next