December 18 - 24, 2023

  • Date :December 24, 2023
  • Category : Istio
  • Word Count :394 words
  • Reading Time :2 Minute

Welcome to this week’s edition of the Istio Community Weekly Report! As we approach the year’s end, we’re excited to share some updates and insights in the Istio community. From monthly community meetings to pro tips on using Istio effectively, this report is packed with valuable information for everyone, whether you’re a seasoned Istio user or just getting started.

Community Updates

Join the Monthly Istio Community Meetings

Be part of the Istio monthly community meetings to engage and connect with other enthusiasts.

Stay Connected

  • Calendar Updates: Automatically add meetings to your calendar by joining this group .
  • Meeting Details: Find agendas and notes in our working document .
  • Recorded Sessions: Missed a meeting? Catch up on YouTube .

Present at the Meeting

Share your insights! Submit your talk abstract to [email protected] . Presentation guidelines and more details can be found here and here .

Istio Pro Tips

Regex in VirtualService Routing

When using regex for header-based routing in VirtualService, it’s crucial to use Envoy’s RE2 regex format. For example:

  • Match “Google”: regex: ".\*Google.\*"
  • Match “Microsoft”: regex: ".\*Microsoft.\*"

This .\*<string>.\* pattern is essential for correct matching in Envoy. Remember, PCRE formats aren’t compatible with Istio.

  • Key Point: Use the RE2 regex that is compatible with Envoy for precise routing. Discussion details are available on GitHub .

Zero Downtime Migration to Mutual TLS

The following diagrams illustrate the zero-downtime migration process to mutual TLS and how the remote IngressGateway and Istiod establish mTLS in a primary-remote multi-cluster deployment.

TLS Migration Process:

image
TLS Migration Process with Zero Downtime

Sequence Chart of mTLS Establishment:

sequenceDiagram
    participant IG as Ingress Gateway (Remote Cluster)
    participant K8s as Kubernetes API (Remote Cluster)
    participant SA as Service Account (Remote Cluster)
    participant Istiod as Istiod (Primary Cluster)

    Note over IG: Starts up
    IG->>K8s: Request Service Account Token
    K8s->>SA: Create/Retrieve Token
    SA-->>IG: Return Token
    Note over IG: Token Mounted in Pod

    IG->>Istiod: Authenticate with Token
    Note over Istiod: Validate Token
    Istiod->>Istiod: Generate mTLS Certificates
    Istiod-->>IG: Send mTLS Certificates

    Note over IG: Use mTLS Certificates for Secure Communication in Mesh

For more information, visit the GitHub discussion .


As the festive season approaches, we wish all members of the Istio community a very Merry Christmas! May this season bring joy, peace, and new opportunities for innovation and collaboration. Happy Holidays!