Stack Overflow
Stack Overflow

Questions tagged [envoyproxy]

Use this tag for questions about the Envoy xDS APIs or Envoy internals.

Envoy is an L7 proxy and communication bus designed for large modern service oriented architectures. The project was born out of the belief that:

The network should be transparent to applications. When network and application problems do occur it should be easy to determine the source of the problem.

Envoy is hosted by the Cloud Native Computing Foundation (CNCF). If you are a company that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. For details about who's involved and how Envoy plays a role, read the CNCF announcement.

For official documentation, head to https://www.envoyproxy.io/

To get in touch with the envoy community, please see the contacts list.

823 questions
21
votes
2 answers

Is it possible to use Istio without kubernetes or docker?

I have 4 microservices running on my laptop listening at various ports. Can I use Istio to create a service mesh on my laptop so the services can communicate with each other through Istio? All the links on google about Istio include kubernetes but I…
user674669
  • 10,681
  • 15
  • 72
  • 105
17
votes
4 answers

Is it possible to rewrite HOST header in k8s Ingress Controller?

Due to some legacy application that relies on Host header to function correctly, I need to have an Ingress (proxy, etc) that capable of rewrite Host header and pass that to downstream (backend). Is there any Ingress Controller that supports this…
Agung Pratama
  • 3,666
  • 7
  • 36
  • 77
15
votes
1 answer

How to diagnose/fix envoy proxy "upstream connect error or disconnect/reset before headers. reset reason: connection failure"

I have a service mesh envoy proxy configuration issue. The configuration is based on this example from the official envoy proxy site: https://www.envoyproxy.io/docs/envoy/latest/start/sandboxes/front_proxy, and this ssl lesson:…
Eric Steen
  • 719
  • 2
  • 8
  • 19
14
votes
1 answer

Istio(0.7.1) : Circuit Breaker Doesn't work for httpConsecutiveErrors

Circuit breaker doesn't trip on httpConsecutiveErrors: 1 (for 500 response). All requests pass through and give a 500 instead . Circuit breaker should trip and should return 503(Service Unavailable) instead . Follow the steps Circuit breaker…
Jeson Dias
  • 883
  • 2
  • 11
  • 26
12
votes
1 answer

What are the causes of various Envoy RESPONSE_FLAGS

I'm trying to debug a mesh of services, with Envoy sat in the middle. The access logs are showing a lot of 503s, which vary in their %RESPONSE_FLAGS%. Other than the access logging docs, I can't find any explaination of what the flags actually…
mt165
  • 258
  • 2
  • 10
11
votes
1 answer

Accessing service using istio ingress gives 503 error when mTLS is enabled

I have a mutual TLS enabled Istio mesh. My setup is as follows A service running inside a pod (Service container + envoy) An envoy gateway which stays in front of the above service. An Istio Gateway and Virtual Service attached to this. It routes…
Pasan W.
  • 674
  • 2
  • 10
  • 23
10
votes
2 answers

istio-proxy closing long running TCP connection after 1 hour

TL;DR: How can we configure istio sidecar injection/istio-proxy/envoy-proxy/istio egressgateway to allow long living (>3 hours), possibly idle, TCP connections? Some details: We're trying to perform a database migration to PostgreSQL which is being…
Yayotrón
  • 1,759
  • 16
  • 27
10
votes
1 answer

how can I use environment variables in the envoyproxy config file?

Until now the only solution that I found is use --config-yaml, something like that envoy -c /etc/service-envoy.yaml \ --config-yaml "'static_resources': { 'clusters': [ { 'name': 'jaeger', 'connect_timeout': '1s', …
JuanPablo
  • 23,792
  • 39
  • 118
  • 164
10
votes
2 answers

How to automatically load new TLS Certificates for Envoy Proxy?

I'm using https://github.com/jetstack/cert-manager in a Kubernetes environment to automatically load https://letsencrypt.org/. It creates certificates that expire in 90 days. 30 days prior to expiration, cert-manager renews the certificates and…
Cameron Taggart
  • 5,771
  • 4
  • 45
  • 70
10
votes
1 answer

Why is envoy proxy required for grpc-web?

If the browser supports http/2, why does grpc-web require envoy proxy? Is it just required for older browsers that do not support http/2?
Deep Vora
  • 318
  • 3
  • 13
9
votes
1 answer

How to disable route timeout in Envoy?

I'm trying to use http2/grpc streaming, but my connection cuts off in 15 seconds. The documentation on the timeout setting says to set the timeout to 0. However when I do this then Envoy throws an error on startup complaining that 0 isn't a valid…
FinalFortune
  • 635
  • 10
  • 25
8
votes
2 answers

Is it possible to run HTTP/2 on NGINX port 443 without ssl?

I have Envoy Proxy handling SSL termination. Nginx (1.17.0 in a docker container, compiled --with-http_v2_module) is one of several upstream services. As a result, Nginx receives traffic on port 443 but does not use the ssl module: server { …
Zane Claes
  • 14,732
  • 15
  • 74
  • 131
8
votes
1 answer

How log request and response body in Istio

I'd like to log request and response body from incoming traffic to each my microservice. Is it possible in Istio (Envoy) out-of-the-box? I don't see body attribute for mapping in Mixer's EntryLog. Maybe it will be added in future version of…
montana202
  • 81
  • 1
  • 4
7
votes
0 answers

Micro Services with API Gateway - Ocelot vs Envoy

I have a .NET core based micro service architecture and have several micro services. We chose ocelot as api gateway for routing, aggregation & security implementation. During our architectural discussion it was mentioned that Envoy Api Gateway is…
VR1256
  • 1,266
  • 4
  • 28
  • 56
7
votes
1 answer

How istio send tracing spans to jaeger?

I want to use istio with existing jaeger tracing system in K8S, I began with installing jaeger system following the official link with cassandra as backend storage. Then installed istio by the helm way, but with only some selected components…
shizhz
  • 11,715
  • 3
  • 39
  • 49
1
2 3
54 55