istio | Connect , secure , control , and observe services | Microservice library

 by   istio Go Version: 1.18.0 License: Apache-2.0

kandi X-RAY | istio Summary

kandi X-RAY | istio Summary

istio is a Go library typically used in Architecture, Microservice applications. istio has no bugs, it has no vulnerabilities, it has a Permissive License and it has medium support. You can download it from GitHub.

Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes.

            kandi-support Support

              istio has a medium active ecosystem.
              It has 33150 star(s) with 7162 fork(s). There are 1007 watchers for this library.
              There were 4 major release(s) in the last 12 months.
              There are 537 open issues and 17220 have been closed. On average issues are closed in 90 days. There are 94 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of istio is 1.18.0

            kandi-Quality Quality

              istio has 0 bugs and 0 code smells.

            kandi-Security Security

              istio has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              istio code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              istio is licensed under the Apache-2.0 License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            kandi-Reuse Reuse

              istio releases are available to install and integrate.
              It has 297969 lines of code, 11350 functions and 1635 files.
              It has high code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of istio
            Get all kandi verified functions for this library.

            istio Key Features

            No Key Features are available at this moment for istio.

            istio Examples and Code Snippets

            No Code Snippets are available at this moment for istio.

            Community Discussions


            Getting "rpc error: code = Unavailable desc = error reading from server: EOF" when trying to create a new etcdv3 client
            Asked 2022-Mar-21 at 08:25

            I'm trying to access my ETCD database from a K8s controller, but getting rpc error/EOF when trying to open ETCD client.

            My setup:

            • ETCD service is deployed in my K8s cluster and included in my Istio service mesh (its DNS record:
            • I have a custom K8s controller developed with use of Kubebuilder framework and deployed in the same cluster, different namespace, but configured to be a part of the same Istio service mesh
            • I'm trying to connect to ETCD database from the controller, using Go client SDK library for ETCD

            Here's my affected Go code:



            Answered 2022-Mar-21 at 08:25

            Turned out to be version mismatch - my ETCD db is v3.5.2 and the clientv3 library that I used was v3.5.0. As seen in ETCD changelog (



            Minikube always reset to initial state when restart it
            Asked 2022-Mar-07 at 08:38

            I faced this problem since yesterday, no problems before.
            My environment is

            • Windows 11
            • Docker Desktop 4.4.4
            • minikube 1.25.1
            • kubernetes-cli 1.23.3
            Reproduce 1. Start minikube and create cluster ...


            Answered 2022-Mar-07 at 08:38

            This seems to be a bug introduced with 1.25.0 version of minikube: . A PR to revert the changes introducing the bug is already open:

            The fix is scheduled for minikube v1.26.



            What is the knative's "mesh" gateway
            Asked 2022-Feb-22 at 19:16

            I see that for every knative service, 2 VirtualService objects are created namely ksvc-ingress which has knative-serving/knative-ingress-gateway & knative-serving/knative-local-gateway gateways configured and ksvc-mesh which has mesh as the gateway.

            I can see the knative-serving/* gateways using kubectl but I am unable to find the mesh gateway object in any namespace. I would like to understand if mesh here denotes some special object or is it an istio keyword representing something else?



            Answered 2022-Feb-18 at 08:33

            As you noticed, knative uses istio as a service mesh.

            In the Istio context mesh is not an object (or resource) like, for example, a Service. Istio About page explain what Service Mesh is:

            A service mesh is a dedicated infrastructure layer that you can add to your applications. It allows you to transparently add capabilities like observability, traffic management, and security, without adding them to your own code. The term “service mesh” describes both the type of software you use to implement this pattern, and the security or network domain that is created when you use that software.

            So mesh is a term that encapsulate all Istio objects (istio-proxy containers, Virtual Services, Ingress Gateways etc.), that work together to allow for traffic management inside cluster.

            A Gateway is a load balancer operating at the edge of the mesh receiving incoming or outgoing HTTP/TCP connections.



            Get pods in Kubernetes where all containers are "ready" in one line using kubectl
            Asked 2022-Feb-17 at 11:01

            We have cluster with Istio and also Jenkins job to get "stable" pods, which uses this kubectl query:



            Answered 2022-Feb-16 at 21:09

            What about something like this?



            Use sidecar to translate opaque token to JWT in Istio
            Asked 2022-Feb-16 at 10:56

            I consider if there is a way to use Istio to translate opaque token to JWT.

            Use case: There are two services (service 1 which is consumer and service 2 which is producer) Service1 works with opaque token, Service2 can be authenticate & authorize with JWT token. To avoid adding Opaque token authentication in service2 I consider if we can use sidecar pattern (exactly in Istio) to get request (re1) from service1, extract authorization header, pass request (authReq1) to authorization server for exchange opaque token to JWT and then pass request (req1 but with JWT instead of original Opaque Token) to service2.

            Edited answer: I see two option (option1, option2) but I am interested in option 3.

            Option 1: Option 2: Option 3:



            Answered 2022-Feb-15 at 14:48

            I consider if there is a way to use Istio to translate opaque token to JWT.

            Unfortunately, Istio won't be able to translate the tokens. In your case, it seems to me that the easiest way is to get services in such a way that they work on one type of token.

            Translation is possible, but not by Istio. Look at this question. You can also read more about Istio Authentication:

            Istio provides two types of authentication:

            • Peer authentication: used for service-to-service authentication to verify the client making the connection. Istio offers mutual TLS as a full stack solution for transport authentication, which can be enabled without requiring service code changes. This solution:

            • Provides each service with a strong identity representing its role to enable interoperability across clusters and clouds. - Secures service-to-service communication. - Provides a key management system to automate key and certificate generation, distribution, and rotation.

            • Request authentication: Used for end-user authentication to verify the credential attached to the request. Istio enables request-level authentication with JSON Web Token (JWT) validation and a streamlined developer experience using a custom authentication provider or any OpenID Connect providers, for example:

            • ORY Hydra

            • Keycloak

            • Auth0

            • Firebase Auth

            • Google Auth

            In all cases, Istio stores the authentication policies in the Istio config store via a custom Kubernetes API. Istiod keeps them up-to-date for each proxy, along with the keys where appropriate. Additionally, Istio supports authentication in permissive mode to help you understand how a policy change can affect your security posture before it is enforced.



            Unable to log egress traffic HTTP requests with the istio-proxy
            Asked 2022-Feb-11 at 10:45

            I am following this guide.

            Ingress requests are getting logged. Egress traffic control is working as expected, except I am unable to log egress HTTP requests. What is missing?



            Answered 2022-Feb-07 at 17:14

            AFAIK istio collects only ingress HTTP logs by default.

            In the istio documentation there is an old article (from 2018) describing how to enable egress traffic HTTP logs.

            Please keep in mind that some of the information may be outdated, however I believe this is the part that you are missing.



            What does istioctl x command refers to?
            Asked 2022-Jan-05 at 08:02

            I see in the official documentation references to commands starting with istioctl x ... but there is not official definition for the usage of x.

            As far as I can infer from the istioctl manual, it appears to be a shorthand for experimental.

            The command istioctl | grep x does not show any reference to the x usage neither.



            Answered 2022-Jan-05 at 08:02

            You are correct - x is shorthand for experimental.

            You can see more information if you issue istioctl x without any additional commands:



            Istio and the custom HTTP method
            Asked 2022-Jan-03 at 10:54

            How to make Istio route custom HTTP methods?



            Answered 2022-Jan-03 at 10:54

            Envoy does not support custom HTTP methods. Envoy implements the H/1 codec, which has a hardcoded list of HTTP methods it accepts (see RFC)

            There is an open issue on the Envoy Github:

            So you can't achieve what you want with an HTTP route. But you can make it work with a TCP/TLS route.

            For this do the following:

            1. Set the correct protocol on the service istio-ingressgateway:



            Able to access Elasticsearch with Python's Requests but not with official client
            Asked 2021-Dec-30 at 09:56

            I have an Elasticsearch DB running on Kubernetes exposed to as an Istio virtual service, which I have no problem accessing via the browser (as in I get to login successfully to the endpoint). I can also query the DB with Python's Requests. But I can't access the DB with the official python client if I use The LoadBalancer IP works perfectly well even with the client. What am I missing? I have SSL certificates set up for via Cert-Manager and CloudFlare.

            This works:



            Answered 2021-Dec-30 at 09:56

            I have reproduced your problem and the solution is as follows. First, pay attention to your yaml file:



            EMR EKS unable to launch driver pod
            Asked 2021-Dec-21 at 18:41

            How does one go about setting resource limits in EMR on EKS? My driver pod is failing to launch because it is requesting more CPU than it is allowed. This doesn't make sense to me. I am running the getting started code from the docs below.

            I have added --conf spark.driver.limit.cores=2 in order to try and make the limit higher than what is listed in the error message below. I got this idea from here

            This cluster does have istio running in it. I am not sure if that would cause issues.

            Here is the code I am running to trigger the job



            Answered 2021-Dec-21 at 18:41

            I was able to figure it out.


            Community Discussions, Code Snippets contain sources that include Stack Exchange Network


            No vulnerabilities reported

            Install istio

            You can download it from GitHub.


            For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries