Best practices for storing Istio config objects

m-czernek · April 2, 2020, 1:54pm

Hi there folks,

Is there a recommended namespace to store your Istio config objects? For example, Gateways, VirtualServices, AuthPolicies, etc.

Most of the rIstio esources are namespaced, so we can store them in a namespace together with our deployments.

We could also create a separate namespace only for istio config. Similar to istio-system, we could create an istio-config ns that would hold all the Gateways, VirtualServices, etc. influencing our cluster.

Is there a recommended best practice for configuring Istio? Do you store your istio configs together with your applications in various namespaces, or do you prefer to store them separately? Is there a hybrid, third way?

Any thoughts also from the Istio developers and maintainers?

erSitzt · April 3, 2020, 9:11am

I moved my Gateways into a separate namespace, because i have a bunch of wildcard domains + certs that are being used by services in multiple namespaces.

VirtualServices and DestinationRules are bundled with my Deployments

jaid · May 16, 2020, 12:59am

Hi erSitzt,

Would you mind elaborating on the last sentence?

I’m trying to figure out how to manage VirtualServices… Should we have one for each release? Or should we have just one for the service? How would canary release work? How would teams customize the VirtualService? etc.

Your elaboration, should you find time to respond, could help steer me in the right direction.

Thanks,
jaid

Topic		Replies	Views
Organizing VirtualServices and Gateways (x-post)	0	590	January 29, 2019
Organizing VirtualServices and Gateways	1	769	March 13, 2019
Recommendations on ingress/egress Gateways/VirtualService architectures Networking	1	707	October 9, 2020
Istio setup for staging environments	0	611	January 29, 2020
Is it a good or standard practice to put all namespaces under the Istio service mesh	0	367	September 17, 2021

Best practices for storing Istio config objects

Related topics