Stack Overflow
Stack Overflow

Questions tagged [istio]

Istio is an open-source platform for managing and securing microservices

Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. Istio supports managing traffic flows between microservices, enforcing access policies, and aggregating telemetry data, all without requiring changes to the microservice code. Istio gives you:

  • Automatic load balancing for HTTP, gRPC, and TCP traffic.
  • Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection.
  • A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.
  • Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.
  • Secure service-to-service authentication with strong identity assertions between services in a cluster.

enter image description here

Getting Started

Books

2612 questions
0
votes
1 answer

Istio multi-cluster not syncing

I configured 2 clusters with ISTIO multi-cluster multi-primary on different networks. Using a sample pod running an nginx image, I was able to reach the second cluster from the other one (LoadBalancers of the E/W gateways and also the k8s API). When…
Beto Neto
  • 3,962
  • 7
  • 47
  • 81
0
votes
0 answers

Istio AuthorizationPolicy not working as expected

In EKS, I have an ALB Ingress with 2 application on the same Istio Gateway. For one of the applications I want to allow access (based on URL) only from specific subnets. Using Istio AuthorizationPolicy I can either block or allow everything but it…
truesamurai
  • 23
  • 4
0
votes
0 answers

Istio without Kubernetes

I need to build service mesh since I have a big monolith and few (around 10 but will grow in number) microservices. We don't use Kubernetes and we deploy all our service on linux as docker containers beside the monolith as it deployed as bare tomcat…
user1409534
  • 2,140
  • 4
  • 27
  • 33
0
votes
0 answers

What happens when Istio ingress gateway has overlapping hosts?

Say we have below Istio ingress gateway, which is configured with 2 overlapping hosts *.contoso.com and foo.contoso.com apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: name: external namespace: istio-system spec: selector: …
Tomking Chen
  • 343
  • 3
  • 17
0
votes
0 answers

How to specify regex in istio's uri

Expectations. /hoge/?xxx=xxx Transition the above PATH to port xxxx Current configuration http: - match: - uri: regex: '\/hoge\/\?.*$' port: xxxx What's happening. Regex is not working. I thought about using…
Kubo Ryoto
  • 13
  • 2
0
votes
0 answers

How to open the application using Normal port in Istio-gateway using Metallb for RKE Cluster

I'm using Metallb for provisioning the Load Balancer in RKE cluster. Then I installed Istio for serivce mesh. Inside that, Istio Gateway is only allowing the random NodePort of the Istio-ingress gateway service to open the application after the…
Siddharth Pandey
  • 1
  • 1
0
votes
0 answers

istio envoyfilter send access log into kafka

I need an envoyfilter that send envoy access logs into kafka. i use envoy.extensions.access_loggers.file.v3.FileAccessLog to send logs into stdout but i didn't find a way that send that access log into kafka i try to find a typed_config to send that…
amir.m ghazanfari
  • 179
  • 8
0
votes
0 answers

Istio didn't split weight correctly

I tried to follow istio traffic-management https://istio.io/latest/docs/concepts/traffic-management/ to split my traffic and rout them to different versions of a service. But what ever weight I changed to, traffic was only routed to one version, it…
milkbone123
  • 11
  • 3
0
votes
0 answers

Is it possible to rewrite path to make shorter url with VirtualService in Istio?

This is my VirtualService in Istio: apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: api-vs spec: gateways: - istio-system/gateway - mesh hosts: - api.xyz.com http: - match: - uri: …
Zak Hussain
  • 1
0
votes
0 answers

how to access istiod if proxy in another cluster

if istiod in clusterA, but istio-proxy in clusterB, how to make istio-proxy access istiod. some logs below, maybe authentication failed? istiod logs: 2023-04-22T02:03:00.122537Z error ads Failed to authenticate client from 11.151.238.183:38768:…
LB zhang
  • 11
  • 1
0
votes
0 answers

Istio Proxy blocking TCP Traffic

Currently, we have a deployment file with an init container which test connectivity to the DB as per below: - name: wait-database image: 'busybox:4.3.13' command: - sh - '-c' - >- until nc -w3 -z…
ashley
  • 1,008
  • 17
  • 37
0
votes
0 answers

Istio request routing can be tricked?

Let's look at the following configuration: We have a Kubernetes Deployment which runs some application. We have 2 such Deployments, each running a different version of the application. Also, we have a Kubernetes Service that routes traffic to these…
YoavKlein
  • 2,005
  • 9
  • 38
0
votes
0 answers

Using AuthorizationPolicy on x-auth-request-user after ext_authz EnvoyFilter

I am attempting to set up an authn/authz flow using istio and oauth2-proxy. This flow consists of: An ext_authz EnvoyFilter that targets and app label. I.e., the istio-sidecar on the targeted app's pod will intercept and reroute to an external…
Karl
  • 5,573
  • 8
  • 50
  • 73
0
votes
1 answer

Rabbitmq service not reachable within k3s pods?

I have the following setup: k3s installation and istio as ingress controller, problem we face that rabbitmq service is not reachable from within pods internally. A Service that has rabbitmq port exposed [5671] -> type: ClusterIP $ kubectl describe…
AhMaD AbUIeSa
  • 805
  • 1
  • 12
  • 21
0
votes
1 answer

Hasura Remote schema fails with the protocol error

I am redirecting the remote schema to an intermittent proxy server. And that proxy server calls the actual remote schema. excerpt as below definition: url: http://app.metrics:8080/remote-schema timeout_seconds: 60 …
chaosguru
  • 1,933
  • 4
  • 30
  • 44
1 2 3
99 100