Questions tagged [istio]
27 questions
2
votes
2 answers
How can I get Egress Static IP per namespace within a EKS cluster
My current setup involves an EKS Cluster with multiple namespaces (multi-tenant) across many different EKS nodes in private subnets. I would like the egress traffic from the pods to have a dedicated EIP per namespace. AFAIK there are no off the…
Karthik Balasubramanian
- 121
- 3
2
votes
1 answer
Jupyter notebook on kubernetes not being able to connect to outside docker service
Im running a kubernetes (kubeflow + k8s) pod with a jupyter notebook and a docker service outside of the kubernetes server, im currently trying to connect to a sql service but it keeps getting ConnectionResetError, both firewall and docker are…
tommyduarte
- 31
- 1
2
votes
0 answers
Istio egress gateway HANDSHAKE_FAILURE_ON_CLIENT_HELLO with custom certs
What we ware trying to achieve is point mesh traffic to an external service via an egressgateway.
We tried several iterations, and now trying with an egressgateway in between.
The external service is running with our certificates.
Mesh >…
MrVentzi
- 121
- 1
1
vote
2 answers
How do I configure routing for non-knative service in a Knative & Istio installed k8 cluster?
I have a Knative installed with Istio as networking layer (without injection)
The kubernetes cluster is using Istio ingress gateway as default ingress.
Most Knative service's routing are managed automatically by Knative & Istio.
However I am trying…
Darkbluelion
- 11
- 1
1
vote
1 answer
How to setup custom authentication and authorization in Istio/K8?
Let's say, I have a project that has 8 pods(services). I understand that authentication and authorization are covered in Istio Gateway using jwt. So that every request is verified. But users with different roles ex: [teacher, student, staff] need to…
coolisuz
- 13
- 2
1
vote
0 answers
aws-load-balancer-controller annotations not working
I'm trying to automatically start an ALB in my EKS cluster by using the aws-load-balancer-controller
This is what the logs of my deployment look like:
$ kubectl logs -n kube-system deployment.apps/aws-load-balancer-controller
Found 2 pods, using…
E-Kami
- 123
- 1
- 6
1
vote
1 answer
Istio Keeps On Showing TcpProxyValidationError Errors
I initially created an EnvoyFilter to apply idle_timeout of 5s to outbound requests originating from workloads with label app: mecha-dev.
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: tcp-idle-timeout
spec:
…
bakadevops
- 33
- 1
- 4
1
vote
1 answer
Why is My Istio EnvoyFilter with TCP Idle Timeout Setting not working?
I have created an EnvoyFilter to apply TCP idle timeout to outbound requests. Here's my filter configuration:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: tcp-idle-timeout
spec:
workloadSelector:
labels:
…
bakadevops
- 33
- 1
- 4
1
vote
0 answers
Istio Multicluster: Terminate mTLS at Ingress Gateway for Non-proxied Service
I am writing a service to coordinate Istio control planes in a "replicated control planes" configuration. I have managed to programmatically create ServiceEntry objects that correctly route between clusters – multicluster routing works great! Things…
pnovotnak
- 260
- 4
- 11
1
vote
1 answer
istio-proxy 403 error:'upstream connect error or disconnect/reset before headers. reset reason: connection failure'
We have deployed an application behind the istio ingress gateway and is accessible at test.domain.com/jenkinscore.We have used istio 1.4.5. The domain name is created for the istio ingress gateway service IP. As per the below logs, when we hit this…
Meghana B Srinath
- 105
- 2
- 9
0
votes
1 answer
Istio ingress gateway cannot connect to more than one replica for a service
I'm setting up Istio in a new AWS EKS cluster and created a basic nginx deployment to test. When the deployment only has one replica, it works perfectly, responding in less than 100ms.
When I add one replica, the new pod's response time goes up like…
kenske
- 111
- 2
0
votes
0 answers
Issues Setting Up Istio Gateway
I have an AKS cluster with 2 nodes
Node A. 10.216.6.229 Node B. 10.216.6.230
We do not have External Load Balancer, so Istio Gateway EXTERNAL-IP is . As per Get Started documentation, I used command below to get INGRESS-HOST, which was set to Node A…
Dmitriy
- 1
- 1
0
votes
0 answers
How do I preserve source IP with TLS PASSTHROUGH mode on an Istio ingress gateway
I have a pod that NEEDS to keep the client cert in tact and terminate TLS at the pod level. For that reason, I’ve got to use TLS passthrough mode.
However, I also need the source IP of the original packet origin. I can’t seem to get TPROXY working…
0
votes
1 answer
Istio - Prometheus - HPA Stack not communicating [ HPA could not calculate the number of replicas ]
I have cluster with 1 control panel and 2 nodes.
Istio is installed as Service Mesh.
I do request management via istio ingress.
I want it to automatically scale by sharing metrics between Kubernetes HPA and istio prometheus, but I couldn't.
My pods…
Orgenus
- 1
- 2
0
votes
0 answers
Istio TCP Global Rate Limit
I am attempting to implement a global rate limit for tcp connections through the istio ingress gateway. I have followed the official docs for implementing a global http rate limiter service and managed to get that to work…
kraft87
- 1