The enableIstio attribute in the Dynatrace Kubernetes integration is designed to simplify the setup of Istio configurations by automatically creating ServiceEntries and VirtualServices. This guide explains how to use enableIstio to streamline the communication setup for Dynatrace components within an Istio service mesh.
The enableIstio attribute is a convenience feature that automatically creates ServiceEntries and VirtualServices for connection endpoints required by:
apiUrl defined in DynaKube./v1/deployment/installer/gateway/connectioninfo endpoint./v1/deployment/installer/agent/connectioninfo, which respects the networkZone attribute for routing.Use the enableIstio attribute if:
ServiceEntries and VirtualServices are required for the endpoints used by Dynatrace Operator and/or the components deployed by Dynatrace Operator.meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY).Note that enableIstio attribute will not consider pre-existing ServiceEntries and VirtualServices. Using this attribute prematurely might lead to conflicts in Istio configurations. In complex setups, manual configuration may yield better outcomes.
Manual configuration of ServiceEntries and VirtualServices may be required in the following cases:
apiUrl defined in the DynaKube is present in ServiceEntries and VirtualServices.ServiceEntries and VirtualServices based on the output of the /v1/deployment/installer/gateway/connectioninfo endpoint.cloudNativeFullstack and applicationMonitoringServiceEntries and VirtualServices based on the output of the /v1/deployment/installer/agent/connectioninfo endpoint.classicFullStack and hostMonitoringclassicFullStack and hostMonitoring DaemonSet use hostNetwork: true in their security context, which means they can't be part of the Istio mesh.