Istio mesh integration

[GOVYANSONG]

Would it be possible to inject envoy proxy sidecar in the VM pod created by Virtlet? Any clarification is greatly welcome.

[GOVYANSONG]

For ingress traffic to VM, istio pilot can detect service/pod/endpoint changes in k8s and routing can be handled automatically. For egress traffic from VM, istio ingress gateway can be used to access services hosted on istio mesh.

[jellonek]

Virtlet supports only single VM inside pod so there is no way to insert any sidecar which would operate on the same network stack. IMO such integration at the moment is impossible.

[pigmej]

Actually you can run Istio with Virtlet pods. https://istio.io/docs/examples/mesh-expansion/bookinfo-expanded/#running-mysql-on-the-vm here is the example. We've been able to follow that and use istio with Virtlet.

cc @jellonek @GOVYANSONG

[GOVYANSONG]

@pigmej thanks for the reference. I have reviewed it before. Mesh expansion is a general approach for VMs. Since my original question was about auto injection envoy proxy by istio, jellonek’s comment above was very insightful.

[pigmej]

Yes I know ;) sidecar injection is no go sadly exactly by the reasons that @jellonek gave.