Istio¶
Use this guide when Istio routes external traffic into workloads managed by KubeElasti.
Resolver header¶
Istio's Envoy sidecar typically sets X-Envoy-Decorator-Operation to the destination service FQDN. The KubeElasti Helm chart defaults headerForHost to that header — no override needed when using the chart defaults.
If you run the resolver binary without Helm defaults, set the same header explicitly.
Install Istio¶
curl -L https://istio.io/downloadIstio | sh -
mv istio-* ~/.istioctl
export PATH=$HOME/.istioctl/bin:$PATH
istioctl install --set profile=default -y
Enable sidecar injection on the application namespace:
Create an ingress Gateway (playground manifest):
The playground file installs a Gateway named gateway in istio-system bound to istio-ingressgateway.
Route traffic to the target¶
A VirtualService should route to the in-cluster FQDN of the Kubernetes Service KubeElasti manages (the public Service name from your ElastiService spec).
Example for demo workload target-deployment in namespace target:
| httpbin-virtualservice.yaml | |
|---|---|
Apply the playground sample (update destination.host if your service name differs):
Prometheus trigger¶
Example query using Istio request metrics:
triggers:
- type: prometheus
metadata:
query: sum(rate(istio_requests_total{destination_service_name="target-deployment.target.svc.cluster.local"}[1m])) or vector(0)
serverAddress: http://kube-prometheus-stack-prometheus.monitoring.svc.cluster.local:9090
threshold: "0.01"
See Triggers for more query patterns.
Test (port-forward)¶
kubectl port-forward svc/istio-ingressgateway -n istio-system 8080:80
curl -v http://localhost:8080/headers
See also¶
- Integrations overview
- Resolver request routing
- Playground (Istio demo steps)
- Demo setup