New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No way to add a custom bootstrap configuration in ingress gateway #28302
Comments
This is documented in https://istio.io/latest/news/security/istio-security-2020-007/#mitigation but should probably be in |
We operate with a GitOp style workflow with a whole bunch of different clusters so actually doing
This might be improved by #26289? Trying to upgrade to 1.7 soon to find out Honestly it would be nice if istio just provided first class support for this... |
🚧 This issue or pull request has been closed due to not having had activity from an Istio team member since 2020-10-27. If you feel this issue or pull request deserves attention, please reopen the issue. Please see this wiki page for more information. Thank you for your contributions. Created by the issue and PR lifecycle manager. |
Should Istio support this via EnvoyFilter ? |
That would really help my usecase! |
This is supported since #33456 got merged. There are examples on this page: https://istio.io/latest/docs/reference/config/networking/envoy-filter/ At the moment only the |
The issue should be reopened as the bootstrap config is not being updated when applying configuration with histogram buckets. I would like to know how it can be fixed? Thanks. |
You need BOOTSTRAP_XDS_AGENT env var set if you do not already
…On Wed, Feb 16, 2022 at 12:36 AM Oksana Baranova ***@***.***> wrote:
The issue should be reopened as the bootstrap config is not being updated
when applying configuration with histogram buckets.
The applied Envoy Filter is: `apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: stats
namespace: istio-system
spec:
configPatches:
- applyTo: BOOTSTRAP
patch:
operation: MERGE
value:
stats_config:
histogram_bucket_settings:
match:
contains: "xxx"
- buckets: [2,3,4,5,6,7,8,9]
`
Istioctl versions are:
client version: 1.12.2
control plane version: 1.13
data plane version: 1.13-dev (2 proxies)
I would like to know how it can be fixed? Thanks.
—
Reply to this email directly, view it on GitHub
<#28302 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEYGXKHOXHGXBYTEZTQCGDU3NOZVANCNFSM4TAJIWOQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you commented.Message ID:
***@***.***>
|
Bug description
There's no way to add a custom bootstrap configuration to an ingress gateway. The recommended way (for sidecars apparently) is by adding an annotation to a pod with key sidecar.istio.io/bootstrapOverride. If you add try to add this to an ingress gateway, no bootstrap configuration is injected. This annotation should either work or another interface for gateways should be exposed.
Affected product area (please put an X in all that apply)
[ x] Docs
[x ] Installation
[ ] Networking
[ ] Performance and Scalability
[x] Extensions and Telemetry
[ ] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure
Affected features (please put an X in all that apply)
[ ] Multi Cluster
[ ] Virtual Machine
[ ] Multi Control Plane
Expected behavior
The bootstrap configuration should be built into a volume, mounted, and used by envoy.
Steps to reproduce the bug
Install Istio via Operator - two IstioOperator objects so I can control the ingressgateways in different IstioOperator objects.
Then, make a bootstrap configuration with this configmap name:
Then, either examine the deployment or run
istioctl proxy-config bootstrap pod-asdf
to examine the bootstrap configuration. The bootstrap isn't injected in.Version (include the output of
istioctl version --remote
andkubectl version --short
andhelm version
if you used Helm)$ istioctl version --remote
client version: 1.6.5
control plane version: 1.6.5
data plane version: 1.6.5 (12 proxies)
$ kubectl version --short
Client Version: v1.18.8
Server Version: v1.16.13-eks-2ba888
How was Istio installed?
IstioOperators as above
Environment where bug was observed (cloud vendor, OS, etc)
EKS v 1.16.13
The text was updated successfully, but these errors were encountered: