Best practices for storing Istio config objects

m-czernek · April 2, 2020, 1:54pm

Hi there folks,

Is there a recommended namespace to store your Istio config objects? For example, Gateways, VirtualServices, AuthPolicies, etc.

Most of the rIstio esources are namespaced, so we can store them in a namespace together with our deployments.

We could also create a separate namespace only for istio config. Similar to istio-system, we could create an istio-config ns that would hold all the Gateways, VirtualServices, etc. influencing our cluster.

Is there a recommended best practice for configuring Istio? Do you store your istio configs together with your applications in various namespaces, or do you prefer to store them separately? Is there a hybrid, third way?

Any thoughts also from the Istio developers and maintainers?

erSitzt · April 3, 2020, 9:11am

I moved my Gateways into a separate namespace, because i have a bunch of wildcard domains + certs that are being used by services in multiple namespaces.

VirtualServices and DestinationRules are bundled with my Deployments

jaid · May 16, 2020, 12:59am

Hi erSitzt,

Would you mind elaborating on the last sentence?

I’m trying to figure out how to manage VirtualServices… Should we have one for each release? Or should we have just one for the service? How would canary release work? How would teams customize the VirtualService? etc.

Your elaboration, should you find time to respond, could help steer me in the right direction.

Thanks,
jaid

Topic		Replies	Views
Istio setup for staging environments	0	574	January 29, 2020
Is it a good or standard practice to put all namespaces under the Istio service mesh	0	340	September 17, 2021
Can Istio be used to create service names that are resolvable in multiple namespaces?	1	505	October 1, 2019
Istio App config User Experience	0	476	February 16, 2020
Istio as a traditional ingress controller	0	387	September 11, 2019

Best practices for storing Istio config objects

Related Topics