K
Q

Is having two envoy proxies in the same K8S pod a good practice?

8/21/2019

My application is deployed in GKE, I'm trying to deploy Istio (1.2.2) and I ran into a problem: One of the deployments is a pod consisting of two containers - gRPC service and an Envoy proxy. we use the envoy as a workaround to expose an HTTP2 healthcheck for the Google loadbalancer, since the gRPC service is exposed to the world and healthcheck is mandatory.

When Istio injects it's envoy sidecar to this pod, all hell breaks loose:

  1. The requests hit the existing envoy proxy and not the istio-sidecar.
  2. Google healthchekcs to the backend servie fail.

the question arises - should I try to make both of the proxies work together or is it better to have only the Istio sidecar in this pod?

-- Medvednic
envoyproxy
google-kubernetes-engine
istio
kubernetes

Similar Questions

Configuring EKS + Express with https
The result of command Helm get values don't include comments
How to change the default nodeport range on Mac (docker-desktop)?
Monitoring kubernetes pod readiness in stackdriver
Contacting service in kubernetes
How to create a "CertificateSigningRequest" with apiVersion "certificates.k8s.io/v1" for a webhook
Threading vs Containers in Orchestration
next js failing to route to page in a subfolder using default next js routing in a kubernetes cluster
micrometer exposing actuator metrics vs kube-state-metrics vs metrics-server to set pod request/limits

2 Answers

8/23/2019

It's better to make both of the proxies to work since that Istio version is unable to distinguish between Health Checks and actual traffic.

-- Frank
Source: StackOverflow
9/5/2019

In addition, you can find more information on the official Istio release notes.

-- Galo
Source: StackOverflow