We have an openshift cluster that is shared between a couple of developers who each have their own namespace and share the same istio-system namespace. We have noticed that when one developer deploys the app, it can cause TCP sockets in the other developers namespace to get closed. If we change the service names in each namespace to be unique the problem seems to go away. Any ideas on what could be causing this? I would have thought that having separate namespaces should ensure that the two cannot interfere with each other.
Do the apps share a common ingress port or gateway? Modifications to the ingress port (eg, adding a new service), could cause existing connections to be drained. Otherwise, monitoring the sidecar listener config with istioctl proxy-config listener -o=json will help show what’s changing in the config.
Thanks for the suggestion on the proxy-config. I did a diff of the configuration before and after and I could see it was caused by having service definitions with a ’ type: LoadBalancer’ in both namespaces. Once I removed that the problems went away.
Cheers,
Ryan