- Dec 24, 2023
- Apr 26, 2024
Welcome to this week’s edition of the Istio Community Weekly Report! As we approach the year’s end, we’re excited to share some updates and insights in the Istio community. From monthly community meetings to pro tips on using Istio effectively, this report is packed with valuable information for everyone, whether you’re a seasoned Istio user or just getting started.
Community Updates
Join the Monthly Istio Community Meetings
Be part of the Istio monthly community meetings to engage and connect with other enthusiasts.
- When: Every fourth Thursday of the month, 10 AM US/Pacific. Check your local time.
Stay Connected
- Calendar Updates: Automatically add meetings to your calendar by joining this group.
- Meeting Details: Find agendas and notes in our working document.
- Recorded Sessions: Missed a meeting? Catch up on YouTube.
Present at the Meeting
Share your insights! Submit your talk abstract to [email protected]. Presentation guidelines and more details can be found here and here.
Istio Pro Tips
Regex in VirtualService Routing
When using regex for header-based routing in VirtualService, it’s crucial to use Envoy’s RE2 regex format. For example:
- Match “Google”:
  regex: ".*Google.*"
- Match “Microsoft”:
  regex: ".*Microsoft.*"
This .*<string>.* pattern is essential for correct matching in Envoy. Remember, PCRE formats aren’t compatible with Istio.
- Key Point: Use the RE2 regex that is compatible with Envoy for precise routing. Discussion details are available on GitHub.
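An added example (not from the original post or the Istio project) that pre-checks a header regex before it goes into a VirtualService. It uses Go's `regexp` package, which accepts RE2 syntax, as a stand-in for Envoy, and assumes Envoy matches the regex against the whole header value; `checkHeaderRegex` and the sample User-Agent value are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// checkHeaderRegex reports whether pattern is valid RE2 syntax and whether it
// matches the entire header value. Whole-value matching is an assumption made
// here to mirror Envoy; Go's regexp package stands in for Envoy's RE2 engine.
func checkHeaderRegex(pattern, value string) (bool, error) {
	// Wrap the pattern so that only a match of the full value counts.
	re, err := regexp.Compile(`^(?:` + pattern + `)$`)
	if err != nil {
		return false, fmt.Errorf("not valid RE2: %w", err)
	}
	return re.MatchString(value), nil
}

func main() {
	// Constructed sample header value, not taken from real traffic.
	ua := "Mozilla/5.0 (compatible; Googlebot/2.1)"
	patterns := []string{
		".*Google.*",     // the form recommended above: matches
		"Google",         // valid RE2, but does not cover the whole value
		"(?=.*Google).*", // PCRE lookahead: rejected by RE2
		`(\w+)\1`,        // PCRE backreference: rejected by RE2
	}
	for _, p := range patterns {
		ok, err := checkHeaderRegex(p, ua)
		fmt.Printf("%-18q matched=%-5v err=%v\n", p, ok, err)
	}
}
```

A bare substring such as `Google` compiles but never routes, while PCRE-only constructs fail at compile time, so both mistakes can be caught before the route is applied.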
Zero Downtime Migration to Mutual TLS
The following diagrams illustrate the zero-downtime migration process to mutual TLS and how the remote IngressGateway and Istiod establish mTLS in a primary-remote multi-cluster deployment.
TLS Migration Process:
Sequence Chart of mTLS Establishment:
sequenceDiagram
    participant IG as Ingress Gateway (Remote Cluster)
    participant K8s as Kubernetes API (Remote Cluster)
    participant SA as Service Account (Remote Cluster)
    participant Istiod as Istiod (Primary Cluster)
    Note over IG: Starts up
    IG->>K8s: Request Service Account Token
    K8s->>SA: Create/Retrieve Token
    SA-->>IG: Return Token
    Note over IG: Token Mounted in Pod
    IG->>Istiod: Authenticate with Token
    Note over Istiod: Validate Token
    Istiod->>Istiod: Generate mTLS Certificates
    Istiod-->>IG: Send mTLS Certificates
    Note over IG: Use mTLS Certificates for Secure Communication in Mesh
For more information, visit the GitHub discussion.
As the festive season approaches, we wish all members of the Istio community a very Merry Christmas! May this season bring joy, peace, and new opportunities for innovation and collaboration. Happy Holidays!