Server Fault
Server Fault

Questions tagged [istio]

41 questions
3
votes
2 answers

How can I get Egress Static IP per namespace within a EKS cluster

My current setup involves an EKS Cluster with multiple namespaces (multi-tenant) across many different EKS nodes in private subnets. I would like the egress traffic from the pods to have a dedicated EIP per namespace. AFAIK there are no off the…
Karthik Balasubramanian
  • 151
2
votes
1 answer

istio sidecar injection not working

I have installed istio in my k8s cluster, and labeled my desired namespace with istio-injection=enabled However, when I install a pod, it doesn't inject the sidecar. I followed the instructions on this page:…
Nate Houk
  • 143
2
votes
1 answer

Why is My Istio EnvoyFilter with TCP Idle Timeout Setting not working?

I have created an EnvoyFilter to apply TCP idle timeout to outbound requests. Here's my filter configuration: apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: tcp-idle-timeout spec: workloadSelector: labels: …
bakadevops
  • 53
  • 1
  • 1
  • 5
2
votes
1 answer

Jupyter notebook on kubernetes not being able to connect to outside docker service

Im running a kubernetes (kubeflow + k8s) pod with a jupyter notebook and a docker service outside of the kubernetes server, im currently trying to connect to a sql service but it keeps getting ConnectionResetError, both firewall and docker are…
tommyduarte
  • 41
2
votes
0 answers

Istio egress gateway HANDSHAKE_FAILURE_ON_CLIENT_HELLO with custom certs

What we ware trying to achieve is point mesh traffic to an external service via an egressgateway. We tried several iterations, and now trying with an egressgateway in between. The external service is running with our certificates. Mesh >…
MrVentzi
  • 121
2
votes
1 answer

istio-proxy 403 error:'upstream connect error or disconnect/reset before headers. reset reason: connection failure'

We have deployed an application behind the istio ingress gateway and is accessible at test.domain.com/jenkinscore.We have used istio 1.4.5. The domain name is created for the istio ingress gateway service IP. As per the below logs, when we hit this…
Meghana B Srinath
  • 145
1
vote
1 answer

Install Istio Egress Gateway using Helm

I have already installed Istio Ingress Gateway in my AKS cluster using Helm (charts used istio/base, istio/istiod, istio/gateway from https://istio-release.storage.googleapis.com/charts). Now I want to install also an Istio Egress Gateway, but I…
Sotiris Sotiriou
  • 11
1
vote
0 answers

Resolving OpenEBS Startup Probe Failure with Istio on Kubernetes: Connection Refused Error

I'm trying to deploy a Helm chart on my Kubernetes cluster where Istio is already installed. Here's a snippet of my Helm chart's dependencies: dependencies: - name: opensearch version: "0.13.0" repository: "https://charts.bitnami.com/bitnami" -…
Tom
  • 121
1
vote
1 answer

coreDNS flooded by istio (envoy)

When there are lots of external VMs which are accessible only via a firewall and there are multiple namespaces in the cluster, each with its own set of external VMs, you end up with a lot of ServiceEntries, which in turn cause a lot of DNS queries…
bofh.at
  • 111
1
vote
2 answers

How do I configure routing for non-knative service in a Knative & Istio installed k8 cluster?

I have a Knative installed with Istio as networking layer (without injection) The kubernetes cluster is using Istio ingress gateway as default ingress. Most Knative service's routing are managed automatically by Knative & Istio. However I am trying…
Darkbluelion
  • 11
  • 1
1
vote
1 answer

How to setup custom authentication and authorization in Istio/K8?

Let's say, I have a project that has 8 pods(services). I understand that authentication and authorization are covered in Istio Gateway using jwt. So that every request is verified. But users with different roles ex: [teacher, student, staff] need to…
coolisuz
  • 13
1
vote
0 answers

aws-load-balancer-controller annotations not working

I'm trying to automatically start an ALB in my EKS cluster by using the aws-load-balancer-controller This is what the logs of my deployment look like: $ kubectl logs -n kube-system deployment.apps/aws-load-balancer-controller Found 2 pods, using…
E-Kami
  • 123
1
vote
1 answer

Istio Keeps On Showing TcpProxyValidationError Errors

I initially created an EnvoyFilter to apply idle_timeout of 5s to outbound requests originating from workloads with label app: mecha-dev. apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: tcp-idle-timeout spec: …
bakadevops
  • 53
  • 1
  • 1
  • 5
1
vote
0 answers

Istio Multicluster: Terminate mTLS at Ingress Gateway for Non-proxied Service

I am writing a service to coordinate Istio control planes in a "replicated control planes" configuration. I have managed to programmatically create ServiceEntry objects that correctly route between clusters – multicluster routing works great! Things…
pnovotnak
  • 260
  • 4
  • 11
0
votes
0 answers

【help】How to implement the failover of the same application Pod between different clusters in istio non-flat network multi-control plane environment

How do I implement such a requirement From nanjing cluster test-source-869888dfdc-9k6bt Pod a request on http://helloworld.sample.svc.cluster.local:5000/hello Dispatch to different subsets based on the weight defined by the VirtualService…
15051810258139com
  • 1
  • 1
1
2 3