kandi X-RAY | istio.io Summary
kandi X-RAY | istio.io Summary
This repository contains the source code for istio.io and preliminary.istio.io. Please see the main Istio README file to learn about the overall Istio project and how to get in touch with us. To learn how you can contribute to any of the Istio components, please see the Istio contribution guidelines.
Top functions reviewed by kandi - BETA
istio.io Key Features
istio.io Examples and Code Snippets
Trending Discussions on istio.io
I am following this guide.
Ingress requests are getting logged. Egress traffic control is working as expected, except I am unable to log egress HTTP requests. What is missing?...
ANSWERAnswered 2022-Feb-07 at 17:14
AFAIK istio collects only ingress HTTP logs by default.
In the istio documentation there is an old article (from 2018) describing how to enable egress traffic HTTP logs.
Please keep in mind that some of the information may be outdated, however I believe this is the part that you are missing.
I see in the official documentation references to commands starting with
istioctl x ... but there is not official definition for the usage of
As far as I can infer from the istioctl manual, it appears to be a shorthand for
istioctl | grep x does not show any reference to the
x usage neither.
ANSWERAnswered 2022-Jan-05 at 08:02
You are correct -
x is shorthand for
You can see more information if you issue
istioctl x without any additional commands:
How to make Istio route custom HTTP methods?...
ANSWERAnswered 2022-Jan-03 at 10:54
Envoy does not support custom HTTP methods. Envoy implements the H/1 codec, which has a hardcoded list of HTTP methods it accepts (see RFC)
There is an open issue on the Envoy Github: https://github.com/envoyproxy/envoy/issues/18819
So you can't achieve what you want with an HTTP route. But you can make it work with a TCP/TLS route.
For this do the following:
- Set the correct protocol on the
I have an Elasticsearch DB running on Kubernetes exposed to
my_domain.com/elastic as an Istio virtual service, which I have no problem accessing via the browser (as in I get to login successfully to the endpoint). I can also query the DB with Python's Requests. But I can't access the DB with the official python client if I use
my_domain.com/elastic. The LoadBalancer IP works perfectly well even with the client. What am I missing? I have SSL certificates set up for my_domain.com via Cert-Manager and CloudFlare.
ANSWERAnswered 2021-Dec-30 at 09:56
I have reproduced your problem and the solution is as follows. First, pay attention to your yaml file:
I need to restrict pod egress traffic to external destinations. Pod should be able to access any destination on the internet and all cluster internal destinations should be denied.
This is what I tried and it is not passing validation:...
ANSWERAnswered 2021-Nov-12 at 12:35
I did it using
NetworkPolicy. Allow traffic to kubernetes and istio related services (could be more restrictive not just based on the namespace):
I am trying to create an Istio
Virtualservice. However, I am getting the below error, despite me having the cluster-admin role bound to.
ANSWERAnswered 2021-Nov-04 at 04:21
The solution was to add the user to the cluster-admin role
I have two services, say
svcB that may sit in different namespaces or even in different k8s clusters. I want to configure the services so that
svcA can refer to
svcB using some constant address, then deploy an Istio Service Entry object depending on the environment to route the request. I will use Helm to do the deployment, so using a condition to choose the object to deploy is easy.
svcB is in a completely different cluster, it is just like any external server and is easy to configure.
But when it is in a different namespace on the same cluster, I just could not get the Service Entry work. Maybe I don't understand all the options it provides.Istio objects ...
ANSWERAnswered 2021-Oct-25 at 13:27
I have posted community wiki answer to summarize the topic and paste explanation of the problem:
After doing some random/crazy test, I found that the alias domain name must ends with well know suffix, like
.org, arbitrary suffix, like
.alias, won't work.
If I update the above ServiceEntry object to like this. My application works.
I have the following filter:...
ANSWERAnswered 2021-Oct-12 at 13:46
This topic is very well described in the documentation:
The simplest kind of Istio logging is Envoy’s access logging. Envoy proxies print access information to their standard output. The standard output of Envoy’s containers can then be printed by the
You have asked:
Where can I see what filters are applied each request?
Based on this issue on github:
There is no generic mechanism.
It follows that if you wanted to see what filter was applied to each request, you would have to create your custom solution.
However, without any problem, you can get logs about each request based on this fragment in the documentation:
If you used an
IstioOperatorCR to install Istio, add the following field to your configuration:
I'm trying to create an Istio ingress gateway (istio: 1.9.1, EKS: 1.18) with a duplicate
targetPort like this:
ANSWERAnswered 2021-Oct-06 at 19:15
Had to use different targetPorts in the end to get this working
I enabled Istio on GKE using istio-addon. According to the images the version of Istio is
1.6. Deployment of the application, which contains
RequestAuthentication resource gives the following error:
ANSWERAnswered 2021-Aug-30 at 07:45
I have posted community wiki answer for better visibility.
As Katya Gorshkova has mentioned in the comment:
Finally, I turned off istio addon and installed the newest istio 1.11.1. It worked without any problems
No vulnerabilities reported
Reuse Trending Solutions
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page