Questions tagged [istio]

Istio is an open-source platform for managing and securing microservices

Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. Istio supports managing traffic flows between microservices, enforcing access policies, and aggregating telemetry data, all without requiring changes to the microservice code. Istio gives you:

Automatic load balancing for HTTP, gRPC, and TCP traffic.
Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection.
A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.
Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.
Secure service-to-service authentication with strong identity assertions between services in a cluster.

Getting Started

Books

2612 questions

votes

0 answers

Making an EnvoyFilter that can extend the timeout of outbound calls

I am using JMeter to load test my service. But a lot of my calls are returning a 504 (Gateway Timout). Researching this has shown that Envoy has a default of 15 seconds for a time out for egress calls. (Meaning calls my service makes to other…

istio envoyproxy

asked May 23 '23 at 22:41

Vaccano

78,325
149
468
850

votes

1 answer

Error : SSL error: 268436536:SSL routines:OPENSSL_internal:TLSV1_ALERT_INTERNAL_ERROR with istio and salesforce enhanced domain

When trying to redirect connection to salesforce custom domain through istio I am getting 503 inside the browser with the following message upstream connect error or disconnect/reset before headers. retried and the latest reset reason: connection…

istio envoyproxy

asked May 23 '23 at 09:08

mati kepa

2,543
19
24

votes

0 answers

Egress TLS Origination without Istio

Is it possible to do something similar to TLS Egress origination described here without relying on Istio? We have a use case where we'd like all outbound traffic to a particular CIDR block to go through a TLS proxy that handles the mTLS with another…

kubernetes istio calico cni cilium

asked May 22 '23 at 08:19

Jessica

votes

1 answer

Outbound traffic using istio does not work normally

When istio is used in kubernetes, outbound traffic using spring boot's restemplate returns socketException. When istio is disabled, outbound traffic to that domain is 200. But when enabled, it is 500. In the application, traffic(https) is exported…

kubernetes https istio outbound egress

asked May 22 '23 at 02:25

raboy

votes

0 answers

istio service registry with ui

I have stumble upon register/deploy new service in istio with user interface (not by command line) but i didnt find any mean to do that, even i read all kiali source to get any clue on how that communicate with istio/k8s go clients.is it even…

deployment istio istio-kiali

asked May 18 '23 at 13:52

hossein hosseini

votes

1 answer

Istio Send Request to wrong subset pod

I try to do a mirror test of my service But I haven't configured the mirror testing config yet, but Pod b has already received the traffic. It seems that the Service distributes the traffic instead of being controlled by VirtualService ? Or do I…

kubernetes istio

asked May 17 '23 at 02:10

Mars

votes

0 answers

Is it possible use dynamic fields in istio service mesh?

Example Web Request : https://sub.example.com?return_url=blabla.other.com I want to process an incoming web request from istio and forward it to the address below with a 302 redirect. if return_url contains "other.com"(this is static) , then 302…

istio servicemesh

asked May 16 '23 at 20:21

Faruk Gul

votes

0 answers

How to detect clashes in multiple istio authorization policies?

Given the case that the same path, e.g. /test, is configured differently in two different Istio AuthorizationPolicy, how can this conflict be detected and prevented? I had such a case and it is not clear how Istio decides which config takes…

istio

asked May 12 '23 at 18:25

Mahatma_Fatal_Error

votes

0 answers

Istio Envoy rate limit not generating descriptor metrics

I have implemented the global rate limiter on Istio as per this doc - Global Rate Limting with Istio & The rate limit service is working as expected, I can also see stats like istio_requests_total coming up correct in prometheus. But I can't see…

istio envoyproxy istio-prometheus

asked May 11 '23 at 12:46

haribhatt34

votes

0 answers

504s from Istio during Rollout with AWS ELB

We have an Istio deployment that has been running successfully for some time now, however when the Ingress Gateway pods are restarted, we get intermittent/random 504s along with successful traffic. I have a feeling its due to Keepalive connections…

amazon-web-services kubernetes amazon-elb istio istio-gateway

asked May 10 '23 at 14:11

PSU2017

votes

0 answers

Kubernetes startup probes gives error message `connect: connection refused` initially before api's are up

The startup probe's use to wait for api to available and start liveness probe and now before the health check api's are available, it is throwing the following error {level: error, msg: Request to probe app failed: Get "http:///api/health": dial…

kubernetes google-kubernetes-engine istio startup-probe

asked May 10 '23 at 10:08

Rupak

votes

0 answers

Can Istio measure latency between clusters in any multicluster model?

I'd like to know if Istio can provide latency metrics between clusters (regardless of response time of a service) in any of multi-cluster models as I was unable to figure it out from the docs. I did not see in the docs any metrics that would suggest…

kubernetes istio latency istio-prometheus

asked May 08 '23 at 14:15

kubson

votes

1 answer

Create Istio ingressgateway successful, but cann't find the gateway

I create a private k8s cluster, 1.24.8 then I install istio 1.17.2 by these commands: curl -L https://istio.io/downloadIstio | sh - cd istio-1.17.2 export PATH=$PWD/bin:$PATH istioctl install --set profile=demo -y here is istio install…

istio seldon-core

asked May 08 '23 at 07:15

rainbowecho

votes

0 answers

Deployment of microservices on Kubernetes with Swagger .NET Core using an istio virtual service

The swagger doc doesn't load well with the virtual service but if I test it without the virtual service, it works fine in kubernetes. El nuget del swagger es MMLib.SwaggerForOcelot. Virtual Service apiVersion: networking.istio.io/v1alpha3 kind:…

asp.net-core-webapi istio swashbuckle ocelot

asked May 04 '23 at 23:46

Sanchez Jesus

votes

2 answers

Why is the port field in Istio Gateway important?

I'm currently learning about Istio's Gateway, and there's something I don't quite understand. So when we install istio, we get the Deployment istio-ingressgateway: $ kubectl get deploy -n istio-system NAME READY UP-TO-DATE …

amazon-web-services kubernetes amazon-eks istio

asked May 04 '23 at 13:06

YoavKlein

2,005
9
38

Prev 1 2 3

…

99 100 Next