Using istio for monitoring only?


#1

Hi there,

I’m in need of a way to collect request latency metrics for my services, but do not require the other features of istio at this point. Is there a way to disable pretty much all features except the metrics gathering and prometheus?

I installed with helm and this custom.yaml

custom.yaml
security:
    enabled: false
ingress:
    enabled: false
gateways:
    istio-ingressgateway:
        enabled: false
    istio-egressgateway:
        enabled: false
galley:
    enabled: false

prometheus:
    enabled: true

global:
    proxy:
        includeIPRanges: "172.16.0.0/12"
    mtls:
        enabled: false

And installed it simply with helm install install/kubernetes/helm/istio --name istio --namespace istio-system -f custom.yaml

But that gives me these warnings on the sidecar-injector pod and the sidecar injector doesn’t work:

kubectl describe pod istio-sidecar-injector-6d8f88c98f-q8zvn -n istio-system
Warning  FailedMount  9s                  kubelet, ip-10-1-2-45.eu-west-1.compute.internal  Unable to mount volumes for pod "istio-sidecar-injector-6d8f88c98f-q8zvn_istio-system(9874d464-3103-11e9-8d32-0ac0eec0e65e)": timeout expired waiting for volumes to attach or mount for pod "istio-system"/"istio-sidecar-injector-6d8f88c98f-q8zvn". list of unmounted volumes=[certs]. list of unattached volumes=[config-volume certs inject-config istio-sidecar-injector-service-account-token-9dmch]
Warning  FailedMount  4s (x9 over 2m12s)  kubelet, ip-10-1-2-45.eu-west-1.compute.internal  MountVolume.SetUp failed for volume "certs" : secrets "istio.istio-sidecar-injector-service-account" not found

If i enable security in the yaml file sidecar injecting starts working and everything looks good on the istio namespace, but I get HTTP 426 from my kong (nginx) api-gateway (Bypassing the gateway works).

Thanks in advance for any and all suggestions :slight_smile: