istio.io | Source for the istio.io site | Service Mesh library
kandi X-RAY | istio.io Summary
kandi X-RAY | istio.io Summary
This repository contains the source code for istio.io and preliminary.istio.io. Please see the main Istio README file to learn about the overall Istio project and how to get in touch with us. To learn how you can contribute to any of the Istio components, please see the Istio contribution guidelines.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of istio.io
istio.io Key Features
istio.io Examples and Code Snippets
Community Discussions
Trending Discussions on istio.io
QUESTION
I am following this guide.
Ingress requests are getting logged. Egress traffic control is working as expected, except I am unable to log egress HTTP requests. What is missing?
...ANSWER
Answered 2022-Feb-07 at 17:14AFAIK istio collects only ingress HTTP logs by default.
In the istio documentation there is an old article (from 2018) describing how to enable egress traffic HTTP logs.
Please keep in mind that some of the information may be outdated, however I believe this is the part that you are missing.
QUESTION
I see in the official documentation references to commands starting with istioctl x ... but there is not official definition for the usage of x.
As far as I can infer from the istioctl manual, it appears to be a shorthand for experimental.
The command istioctl | grep x does not show any reference to the x usage neither.
ANSWER
Answered 2022-Jan-05 at 08:02You are correct - x is shorthand for experimental.
You can see more information if you issue istioctl x without any additional commands:
QUESTION
How to make Istio route custom HTTP methods?
...ANSWER
Answered 2022-Jan-03 at 10:54Envoy does not support custom HTTP methods. Envoy implements the H/1 codec, which has a hardcoded list of HTTP methods it accepts (see RFC)
There is an open issue on the Envoy Github: https://github.com/envoyproxy/envoy/issues/18819
So you can't achieve what you want with an HTTP route. But you can make it work with a TCP/TLS route.
For this do the following:
- Set the correct protocol on the
service istio-ingressgateway:
QUESTION
I have an Elasticsearch DB running on Kubernetes exposed to my_domain.com/elastic as an Istio virtual service, which I have no problem accessing via the browser (as in I get to login successfully to the endpoint). I can also query the DB with Python's Requests. But I can't access the DB with the official python client if I use my_domain.com/elastic. The LoadBalancer IP works perfectly well even with the client. What am I missing? I have SSL certificates set up for my_domain.com via Cert-Manager and CloudFlare.
This works:
...ANSWER
Answered 2021-Dec-30 at 09:56I have reproduced your problem and the solution is as follows. First, pay attention to your yaml file:
QUESTION
I need to restrict pod egress traffic to external destinations. Pod should be able to access any destination on the internet and all cluster internal destinations should be denied.
This is what I tried and it is not passing validation:
...ANSWER
Answered 2021-Nov-12 at 12:35I did it using NetworkPolicy. Allow traffic to kubernetes and istio related services (could be more restrictive not just based on the namespace):
QUESTION
I am trying to create an Istio Virtualservice. However, I am getting the below error, despite me having the cluster-admin role bound to.
ANSWER
Answered 2021-Nov-04 at 04:21The solution was to add the user to the cluster-admin role
QUESTION
I have two services, say svcA and svcB that may sit in different namespaces or even in different k8s clusters. I want to configure the services so that svcA can refer to svcB using some constant address, then deploy an Istio Service Entry object depending on the environment to route the request. I will use Helm to do the deployment, so using a condition to choose the object to deploy is easy.
If svcB is in a completely different cluster, it is just like any external server and is easy to configure.
But when it is in a different namespace on the same cluster, I just could not get the Service Entry work. Maybe I don't understand all the options it provides.
Istio objects ...ANSWER
Answered 2021-Oct-25 at 13:27I have posted community wiki answer to summarize the topic and paste explanation of the problem:
After doing some random/crazy test, I found that the alias domain name must ends with well know suffix, like .com, .org, arbitrary suffix, like .svc, .alias, won't work.
If I update the above ServiceEntry object to like this. My application works.
QUESTION
I have the following filter:
...ANSWER
Answered 2021-Oct-12 at 13:46This topic is very well described in the documentation:
The simplest kind of Istio logging is Envoy’s access logging. Envoy proxies print access information to their standard output. The standard output of Envoy’s containers can then be printed by the
kubectl logscommand.
You have asked:
Where can I see what filters are applied each request?
Based on this issue on github:
There is no generic mechanism.
It follows that if you wanted to see what filter was applied to each request, you would have to create your custom solution.
However, without any problem, you can get logs about each request based on this fragment in the documentation:
If you used an
IstioOperatorCR to install Istio, add the following field to your configuration:
QUESTION
I'm trying to create an Istio ingress gateway (istio: 1.9.1, EKS: 1.18) with a duplicate targetPort like this:
ANSWER
Answered 2021-Oct-06 at 19:15Had to use different targetPorts in the end to get this working
QUESTION
I enabled Istio on GKE using istio-addon. According to the images the version of Istio is 1.6. Deployment of the application, which contains RequestAuthentication resource gives the following error:
ANSWER
Answered 2021-Aug-30 at 07:45I have posted community wiki answer for better visibility.
As Katya Gorshkova has mentioned in the comment:
Finally, I turned off istio addon and installed the newest istio 1.11.1. It worked without any problems
See also
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install istio.io
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
