Discussion on: Lessons learned from one year with Kubernetes and Istio

marcosx profile image
Marcos Brizeno Author

Hi, yeah I think everyone has been in a situation where things just don't work and you can't reproduce the problem.
I think understanding all the pieces in between someone making a request and the application inside the pod responding to it is really important and then you will be able to look at the right place faster. This talk "the life of a packet through istio" (youtube.com/watch?v=cB611FtjHcQ) is really good and it goes into a lot of details.
For logs I usually look at Ingress, Mixer and the application sidecar. Doing a port-forward and setting the istio-proxy log level to debug gives a lot of information and then you can read through everything to try and find what could be wrong.
And for best practices I think that this is where, Istio in particular, is struggling the most simply because you can do so much with it that is hard to create any sort of convention or capture best practices. One thing that helped us was running istioctl validate (istio.io/docs/reference/commands/i...) on resources being deployed to avoid potential issues - we made it part of our pipelines and also an admission controller validation.
Good luck on your journey!