How istio works in k8s?

Jinhua_Luo · April 12, 2021, 2:02pm

Considering a traffic request towards one specific service in k8s:

Resolve DNS destination host via Core-DNS (the dns server is specified in /etc/resolv.conf on each container)
The DNS would be resolved to service IP
The tcp request towards the service IP would be handled by IPVS

When we turn to use istio, I have two questions:

Does istio bypass the IPVS?
Since the application is independent of sidecar, then how the sidecar (envoy) associate the outgoing traffic with the destination service? For example, the app sends a tcp packet with dest host “foobar”, the “foobar” would be resolved first before hijacked by sidecar, how the sidecar figure out which dest send to? Use inverse DNS resolve?

Topic		Replies	Views
Accessing a service via localhost Networking	1	1442	June 17, 2020
Issues with configuring VM mesh expansion	1	1099	May 20, 2019
DNS and ServiceEntry	3	827	November 6, 2020
Unable to route to external http proxy when using a kubernetes service for DNS resolution of proxy addresses Networking	1	1125	August 16, 2021
Istio + Ambassador (Istio version 1.1.3)	1	538	May 25, 2019