istio is not enabled for apigee hybrid runtime components

HI,

On Apigee Hybrid installation, what I have observed is, istio-injection is not enabled on apigee namespace. Is there any reason why it is not enabled by default?

Also if I enable before installing apigee runtime components, apigee-cps-create-user pod ends in error because it is unable to connect to apigee-cassandra as shown in logs.

Here I am attaching some screenshots of same.

POD and SVC status

9879-screen-shot-2020-05-11-at-64443-pm.png

Logs for apigee-cps-create-user POD

9880-screen-shot-2020-05-11-at-64430-pm.png

1 3 365
3 REPLIES 3

Paul Williams : Do you have any comments on this please?

Can you give some more details on why you want to enable istio injection? Apigee hybrid is not intended to be installed with injection enabled.

Hi RajeshMishra@Google : Thanks for responding to the query.

By default I thought Apigee Hybrid is already enabled with Istio injection, which is not the case. There would be multiple reasons why its good to use Istio. Here are few points I bring it to you.

#1. Enabling Istio injection also enables using of tools like Kiali and Jaeger and other tracing tools.

#2. Istio by default uses mTLS for intercomponent communication and certificate rotation.

I was just curious to know why it is not enabled by default and if we enable, any reason why it fails to bring services up and running.