Comments (19)
from old_issues_repo.
Hi, we have fixed this issue in 0.2.4. You can now run your applications in any namespace, while running Istio control plane in istio-system namespace. Please test it out and let us know if it works for your use case.
from old_issues_repo.
Ah wait, I forgot I read something about this yesterday:
For the 0.1 release, Istio must be installed in the same Kubernetes namespace as the applications.
So I guess that answers my own question? Istio currently only supports a single namespace, correct?
from old_issues_repo.
For this release, Istio must be run in the same namespace as the application. You can deploy Istio multiple times in separate namespaces, in the same cluster, but this will not help in your cluster. This is because we configure istio-manager and other components to listen to k8s events in a particular namespace.
For the next release, we plan to support a cluster-wide Istio deployment, where Istio-manager, Istio-Mixer, Istio-Ingress, Istio-Egress and Istio-CA are deployed once per cluster, in a namespace called istio-system, and serves applications/services deployed in their own namespaces. This model will better fit your cluster, I hope.
Your use-case is interesting. May I ask what was the reason for separating each service in its own namespace?
from old_issues_repo.
from old_issues_repo.
Do you need all services to be visible and accessible to each-other, forming a complete mesh, or you would like to enforce other policies?
from old_issues_repo.
Your use-case is interesting. May I ask what was the reason for separating each service in its own cluster?
(I'm going to assume you meant namespace, not cluster)
Each service lives in its own namespace, with its own secrets, configmaps, services, etc. This is a nice encapsulation, and allows us to:
- be sure that any resources related to a service are scrubbed/deleted if we delete that specific namespace
- allow devs/teams to quickly set the context to a specific namespace
- have our company-wide CI easily know where to deploy services without any special configuration (we use the
<github-repo-name>-<environment>
naming scheme) - allow using a tool like stern to easily log all pods of a service
- let's us automate things like listing all services (the application kind, not Kubernetes kind) (ie. all namespaces) in our cluster, and thus at our company, we can then add extra metadata and/or annotations to automate things like responsible teams/people for projects, contact email addresses, etc.
All in all, it neatly encapsulates the concept of a "service" and let's us automate our entire workflow around it.
Do you need all services to be visible and accessible to each-other, forming a complete mesh, or you would like to enforce other policies?
What other policies are you thinking of? I think adding extra visibility/discovery separation between namespaces would be a nice bonus, but having all services be visible to each other would definitely suit our initial needs 👍
from old_issues_repo.
Same use case for us as well. We have a multi-tenant GKE cluster and we assign different namespaces to each tenant to manage resources that way.
from old_issues_repo.
I would also imagine this would be necessary for clusters with "qa/staging/production" namespaces and be able to work an "integration testing" layer by temporarily routing traffic across namespaces.
from old_issues_repo.
We have the same need. We deploy several apps to a namespace, but each affiliation in the organization have their own namespaces/projects (we are on openshift). We also have several clusters because of legacy network infrastructure.
from old_issues_repo.
+1 same need for us too. We have namespaces based on team/stack they manage (eg: frontend, backend) and all service from frontend talks to backend.
from old_issues_repo.
Not yet ready, but unblocked, and working actively on it.
from old_issues_repo.
Hi, I'm using 0.2.4, but this seems not to be working properly yet.
I have defined an Ingress rule like this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: istio
name: ag-helper-ingress
namespace: ag-helper
spec:
rules:
- host: aghelper.arch.oami.eu
http:
paths:
- backend:
serviceName: ag-source-helper-service
servicePort: 80
path: /source.*
- backend:
serviceName: ag-processor-helper-service
servicePort: 80
path: /processor.*
- backend:
serviceName: ag-sink-helper-service
servicePort: 80
path: /sink.*
- backend:
serviceName: ag-ui-helper-service
servicePort: 80
path: /ui.*
Double-checked that all services belong in the ag-helper
namespace, but I always get a 404.
On the other side, the echoheaders
sample in the default
namespace works fine.
from old_issues_repo.
Does East-West traffic work?
from old_issues_repo.
if you will check your Ingress configuration with
istioctl get ingress-rule ag-helper-ingress-1-1
you will notice that uri type regex which seems to be not supported.
try to remove ".*" in your configuration. It will change type to "prefix" which is supported.
I ve asked this question, but no luck to have any response yet.
https://stackoverflow.com/questions/46399248/istio-incorrect-handle-of-ingress-backend-path
from old_issues_repo.
Istio 0.2.4 does not have ingress-rule
option, only routerules
.
As mentioned in my post before, the echoheaders
in the default
namespace works like a charm using path: /headers.*
, so such regex seems not to be the issue here, but the different namespace.
Can anyone confirm?
Created issue --> https://github.com/istio/issues/issues/83
from old_issues_repo.
After some more research, I realized that the problem was actually on the definition of my services which were missing a port name: http
.
Now it works like a charm.
Thanks everyone for your help.
from old_issues_repo.
Glad to see it works.
from old_issues_repo.
Fixed in 0.2.6 by multiple PRs tracked by epic istio/istio#338.
from old_issues_repo.
Related Issues (20)
- [BUG] Bookinfo tracing broken HOT 2
- BUG: Mirroring not working in Istio 0.8.0? HOT 2
- Istio 0.8.0 exposes Jaeger tracing page to the external world
- When multiple gateways are defined, only the first one is being used. HOT 5
- kubernetesenv adapter clusterDomain check HOT 1
- Istio sidecar-injector not ready after deploying istio release-0.8
- External services connectivity problem HOT 5
- How get client external ip to extrapolate geolocation HOT 2
- Deploying with rbac disabled causes pilot to never deploy HOT 1
- .0.8 latest can't pull the docker image HOT 21
- make tracing endpoint configuration straightforward HOT 2
- Traffic Management: ALL https requests work (even without a ServiceEntry) HOT 7
- High latency at scale HOT 1
- istio-pilot pod restart 60 times in nine days HOT 1
- Service Entry Not Working HOT 9
- Requests hang in fresh helm install on k8s v1.10.2-gke.3 HOT 5
- EgressRule not working for AMQP (RabbitMQ) HOT 4
- Unable to access the grafana dashboard. HOT 2
- Error: customresourcedefinitions.apiextensions.k8s.io "gateways.networking.istio.io" already exists HOT 1
- istio circuit breaker doesn't work HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from old_issues_repo.