1.9 KiB
| title | description | weight | keywords | |||
|---|---|---|---|---|---|---|
| Requirements for Pods and Services | Describes the requirements for Kubernetes pods and services to run Istio. | 80 |
|
To be a part of the service mesh, pods and services in a Kubernetes cluster must satisfy the following requirements:
-
Named ports: Service ports must be named. The port names must be of the form
<protocol>[-<suffix>]withgrpc,http,http2,https,mongo,redis,tcp,tlsorudpas the<protocol>in order to take advantage of Istio's routing features. For example,name: http2-fooorname: httpare valid port names, butname: http2foois not. If the port name does not begin with a recognized prefix or if the port is unnamed, traffic on the port will be treated as plain TCP traffic (unless the port explicitly usesProtocol: UDPto signify a UDP port). -
Service association: If a pod belongs to multiple Kubernetes services, the services cannot use the same port number for different protocols, for instance HTTP and TCP.
-
Deployments with app and version labels: It is recommended that pods deployed using the Kubernetes
Deploymenthave an explicitapplabel andversionlabel in the deployment specification. Each deployment specification should have a distinctapplabel with a value indicating something meaningful, withversionindicating the version of the app that the particular deployment corresponds to. Theapplabel is used to add contextual information in distributed tracing. Theappandversionlabels are also used to add contextual information in the metric telemetry collected by Istio. -
Application UIDs: Do not run applications as a user with the user ID (UID) value of 1337.