Others
Istio Ingress vs Kubernetes Ingress
Automatic Reconfiguration
https://software.danielwatrous.com/istio-ingress-vs-kubernetes-ingress
Shared Control Plane
https://istio.io/docs/setup/install/multicluster/shared
Access Log
Default turn off, only on in demo profile
- Can be enabled globally or per namespace too
kubectl describe cm istio -n istio-system
Webinar: Debugging your debugging tools; What to do when your service mesh goes down in production?
Production Istio Installation
- Metrics & logs from control & data plane
- Setup alerts
- Enable access logs
- Outbound traffic control
- Strint mTLS instead of "auto"
- Scale out control plane
- Configure HPA
- Configure pod anti-affinity
- Non self signed CA certificates
- Locking down ingress GW ports
- Auto sidecar injection
- Production grade Prometheus & Jaeger