Some best practices for running Istio in production

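---
# VirtualService: sends traffic for the public host below, arriving through
# the istio-system/secure-gateway Gateway, to the in-namespace
# `transaction-log` service with a 1 second per-request timeout.
# Nesting restored; the flattened listing put every key at the top level.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: transaction-log
  namespace: seller
spec:
  # Only the named Gateway is bound (the reserved `mesh` gateway is absent),
  # so this rule is not applied to sidecar-to-sidecar traffic.
  # NOTE(review): TLS mode and certificates are defined on the Gateway,
  # which is not shown here - confirm it terminates TLS for this host.
  gateways:
    - istio-system/secure-gateway
  hosts:
    - selleradstransactionlogapi.trendyol.com
  http:
    # `prefix: /` matches every path, so the whole API surface of the
    # destination is reachable through the gateway. Narrow the prefix if
    # only part of the service is meant to be exposed.
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            host: transaction-log
      # Bounds how long a request may hold resources in the proxy.
      timeout: 1.000s
  # "." limits visibility of this VirtualService to its own namespace, so
  # other namespaces neither receive nor can be affected by this route.
  exportTo:
    - "."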
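---
# EnvoyFilter: merges a 10s idle timeout into the HTTP connection manager
# of outbound sidecar listeners.
# Nesting restored; the flattened listing put every key at the top level.
# NOTE(review): there is no workloadSelector, and the namespace is
# istio-system. If istio-system is the mesh root namespace, this patch
# applies to every sidecar in the mesh - confirm that scope is intended.
# EnvoyFilter patches depend on Envoy internals, so re-validate them on
# every Istio upgrade.
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: cluster-idletimeout
  namespace: istio-system
spec:
  configPatches:
    - applyTo: NETWORK_FILTER
      match:
        context: SIDECAR_OUTBOUND
        listener:
          filterChain:
            filter:
              name: envoy.filters.network.http_connection_manager
      patch:
        operation: MERGE
        value:
          typed_config:
            '@type': >-
              type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
            # Connections with no active requests for 10s are closed, which
            # stops idle connections from accumulating on the proxy.
            common_http_protocol_options:
              idle_timeout: 10s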
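---
# Sidecar: namespace-wide default for `ratelimit` (no workloadSelector).
# It limits the egress configuration pushed to these proxies to services
# in the `ratelimit` namespace.
# Nesting restored; the flattened listing put every key at the top level.
# NOTE(review): this scopes what the proxy is configured to reach. Whether
# traffic to unlisted destinations is actually blocked depends on the mesh
# outboundTrafficPolicy (ALLOW_ANY vs REGISTRY_ONLY). Treat this resource as
# configuration scoping, and enforce access with AuthorizationPolicy and
# NetworkPolicy.
apiVersion: networking.istio.io/v1alpha3
kind: Sidecar
metadata:
  name: default
  namespace: ratelimit
spec:
  egress:
    - hosts:
        # <namespace>/<dnsName>: every service in namespace `ratelimit`.
        - 'ratelimit/*'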
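---
# Sidecar: for workloads labelled `app: api` in namespace `browsing`.
# The proxy is configured for exactly two egress hosts, so the workload
# holds routes and endpoints only for dependencies it declares.
# Nesting restored; the flattened listing put every key at the top level.
# NOTE(review): as with any Sidecar egress list, unlisted destinations are
# blocked only when the mesh outboundTrafficPolicy is REGISTRY_ONLY.
apiVersion: networking.istio.io/v1alpha3
kind: Sidecar
metadata:
  name: api
  namespace: browsing
spec:
  egress:
    - hosts:
        # `*/` accepts this host from any namespace that exports it.
        # `servicename.namespace` reads like a placeholder - replace it with
        # the real service FQDN. Prefer an explicit namespace over `*` when
        # the owning namespace is known.
        - '*/servicename.namespace.svc.cluster.local'
        # `./` restricts the lookup to this Sidecar's own namespace.
        - ./service.browsing.svc.cluster.local
  workloadSelector:
    labels:
      app: api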
https://github.com/Hitachi/istio-bench
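---
# EnvoyFilter: inserts the gzip compressor HTTP filter ahead of the router
# on inbound sidecar listeners of workloads labelled `app: workload-app`.
# Nesting restored; the flattened listing put every key at the top level.
# NOTE(review): compressing responses that mix secrets (tokens, CSRF
# values) with request-influenced content exposes them to compression
# side channels of the BREACH class. Keep the selector limited to workloads
# whose responses are safe to compress.
# NOTE(review): the resource lives in istio-system. If that is the mesh
# root namespace, the selector matches `app: workload-app` pods in every
# namespace - confirm.
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: application-gzip
  namespace: istio-system
spec:
  workloadSelector:
    labels:
      app: workload-app
  configPatches:
    - applyTo: HTTP_FILTER
      match:
        context: SIDECAR_INBOUND
        listener:
          filterChain:
            filter:
              # NOTE(review): `envoy.http_connection_manager` and
              # `envoy.router` are the older short filter names. Verify they
              # still match on your Istio/Envoy version. A patch that
              # matches nothing is skipped silently.
              name: envoy.http_connection_manager
              subFilter:
                name: envoy.router
      patch:
        operation: INSERT_BEFORE
        value:
          name: envoy.filters.http.compressor
          typed_config:
            '@type': type.googleapis.com/envoy.extensions.filters.http.compressor.v3.Compressor
            compressor_library:
              name: text_optimized
              typed_config:
                '@type': type.googleapis.com/envoy.extensions.compression.gzip.compressor.v3.Gzip
            # Strips Accept-Encoding before the request reaches the
            # application, so the sidecar is the only layer that compresses.
            # Field of the Compressor message, not of the Gzip library.
            remove_accept_encoding_header: true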
  • x-envoy-peer-metadata
  • x-envoy-peer-metadata-id
  • x-envoy-decorator-operation

INSTANCE_IPS
100.96.50.107

LABELS*

app
wantedly

pod-template-hash  dfc5f9699
roleweb
$
security.istio.io/tlsModeistio
-
service.istio.io/canonical-name
wantedly
/
#service.istio.io/canonical-revisionlatest

MESH_ID
cluster.local
"
NAMEwantedly-dfc5f9699-fmbjj

NAMESPACE
wantedly
M
OWNERDBkubernetes://apis/apps/v1/namespaces/wantedly/deployments/wantedly

SERVICE_ACCOUNT default

WORKLOAD_NAME
wantedly

Conclusion

Gokhan Karadas
