Stack Overflow
Stack Overflow

Questions tagged [istio-sidecar]

196 questions
14
votes
2 answers

Disable Istio sidecar injection to the job pod

How to disable Istio sidecar injection for the Kubernetes Job? apiVersion: batch/v1beta1 kind: CronJob metadata: name: pod-restart spec: concurrencyPolicy: Forbid schedule: '0 8 * * *' jobTemplate: metadata: annotations: …
Jonas
  • 4,683
  • 4
  • 45
  • 81
4
votes
1 answer

NR filter_chain_not_found when connecting to Nodejs TLS server using istio

I created a node js TLS server, dockerized it, and created a K8S Deployment and ClusterIP service for it. I created a DNS for the LoadBalancer service external IP of istio-ingressgateway and I’m using this DNS to try access this TLS server using…
Kareem Yasser
  • 122
  • 1
  • 3
4
votes
2 answers

Unable to log egress traffic HTTP requests with the istio-proxy

I am following this guide. Ingress requests are getting logged. Egress traffic control is working as expected, except I am unable to log egress HTTP requests. What is missing? apiVersion: networking.istio.io/v1beta1 kind: Sidecar metadata: name:…
Jonas
  • 4,683
  • 4
  • 45
  • 81
4
votes
2 answers

Kubernetes postStart lifecycle always failing

Trying to solve dependency between pods using postStart lifecycle. Use case: micro service A should start after the start of micro service B. For that we have added one container (curl) which will check if dependent service is up or not using curl…
Ankita Sawant
  • 181
  • 2
  • 10
4
votes
2 answers

IstioOperator and sidecar autoinjection

How to enable sidecar injection using IstioOperator? This is my config and it is not enough for that. apiVersion: install.istio.io/v1alpha1 kind: IstioOperator metadata: name: control-plane-1-9-4 namespace: istio-system spec: components: …
Jonas
  • 4,683
  • 4
  • 45
  • 81
4
votes
1 answer

Configure istio destination rule to use a fallback URL instead of 503

I understand you can use istio to open a circuit breaker when service isn't responding. Instead of return back a 503, is it possible to redirect to a different URL? Same question but when the original service returns back a 500, can we redirect…
user1195970
  • 73
  • 7
4
votes
1 answer

How health check of Kubernetes work with Istio?

I am doing with k8s and Istio as service meshing. I wonder what if pod in a service A is not ready(Readiness is unhealthy), How Istio will treat this pod? Is there way i can config rule of load balance(Load balance at L3/L4 layer)?
Blind
  • 99
  • 1
  • 11
3
votes
1 answer

VirtualService not recognized in mesh with mutualTLS and https port name

In our kubernetes cluster we are using istio, with mutual tls for the communication between the pods inside the mesh. Everything is working fine, but now we would like to introduce a VirtualService to able to do traffic shifting for canary…
badger864
  • 31
  • 3
3
votes
0 answers

Virtual Service retry with the mesh gateway

If the virtual service is used with the mesh gateway then retryRemoteLocalities and attempts are not working. Is it by design or I am missing something? apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: myapp spec: …
Jonas
  • 4,683
  • 4
  • 45
  • 81
3
votes
0 answers

Istio Envoy proxy cpu resources

We would like to use Istio for our workload in a production environment. The required CPU resources are documented here: https://istio.io/latest/docs/ops/deployment/performance-and-scalability/ The documentation uses a load test scenario consisting…
Jordi Alvarez
  • 175
  • 7
3
votes
1 answer

While deploying ingress gateway, what does injectionTemplate: gateway mean?

While deploying ingress gateway, what does injectionTemplate: gateway mean? It is mention here: https://istio.io/latest/docs/setup/additional-setup/gateway/#deploying-a-gateway values: gateways: istio-ingressgateway: # Enable…
sachinks
  • 51
  • 3
3
votes
1 answer

where is istio filtering trace headers like x-b3-*

I see istio is adding x-b3-traceid, x-b3-spanid and other headers to the incoming request when tracing is enabled. But none of them are returned to the caller. I am able to capture the x-b3-traceid in the log and can find it out in Tempo/Grafana. I…
user2095730
  • 33
  • 4
3
votes
0 answers

Kubernetes deployments are failed with istio-sidecar injection

Our K8 cluster was working for more than a year, recently it got some strange behavior and now when we deploy an app using kubectl apply -f deployment-manifest.yaml, it doesnt show in kubectl get pods. But shows in kubectl get deployments with 0/3…
Sachith Muhandiram
  • 2,819
  • 10
  • 45
  • 94
3
votes
1 answer

How to restrict pod egress traffic only to external

I need to restrict pod egress traffic to external destinations. Pod should be able to access any destination on the internet and all cluster internal destinations should be denied. This is what I tried and it is not passing validation: apiVersion:…
Jonas
  • 4,683
  • 4
  • 45
  • 81
3
votes
0 answers

Proper way of handling connections to an external Microsoft SQL VM cluster

I have some dotnet core microservices running in my kubernetes cluster (1.19.1), they are all running the istio sidecar proxy (1.9.1), and I am seeing some flaky connection behavior when making calls to the microservice which connects to the…
Noah Dlugoszewski
  • 41
  • 3
1
2 3
12 13