How do you handle non-HTTP (TCP) traffic in Istio?

Istio & Service Mesh · Intermediate level

Answer

Istio can handle non-HTTP TCP traffic with L4 routing, mTLS, telemetry, and authorization based on ports, IPs, principals, and services. It cannot apply HTTP path, method, or header rules to opaque TCP traffic.

Technical explanation

Protocol detection depends on service port names and traffic behavior, so port naming matters.

For raw TCP, VirtualService tcp routes and AuthorizationPolicy TCP rules are used.

For databases and stateful protocols, test connection pooling, long-lived connections, and failover behavior carefully.

Hands-on example

TCP ServiceEntry example for an external DB:

    ports:
    - number: 5432
      name: tcp-postgres
      protocol: TCP

A policy can then allow only the app's service account to reach that port.

Test with psql and watch Envoy TCP connection metrics rather than HTTP response-code metrics.
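
A way to catch HTTP-only rules that end up on a TCP port, which the answer says Istio cannot apply to opaque traffic. This is an added example, not part of the original answer or of Istio's tooling. It assumes the policy and port objects are already parsed (for instance from `kubectl get ... -o json`); the function names, the sample policy and the `orders` service account in namespace `shop` are constructed for illustration.

```python
HTTP_PROTOCOLS = {"http", "http2", "grpc", "grpc-web"}
OPAQUE_PROTOCOLS = {"tcp", "tls", "https", "mongo", "mysql", "redis"}  # L4 by default
HTTP_ONLY_SOURCE = {"requestPrincipals", "notRequestPrincipals"}
HTTP_ONLY_OPERATION = {"hosts", "notHosts", "methods", "notMethods", "paths", "notPaths"}


def port_protocol(port):
    """Classify a port from appProtocol, else from the name prefix <protocol>[-<suffix>]."""
    declared = (port.get("appProtocol") or port.get("name", "")).lower()
    if declared not in HTTP_PROTOCOLS:  # keeps "grpc-web" intact
        declared = declared.split("-")[0]
    if declared in HTTP_PROTOCOLS:
        return "http"
    return "tcp" if declared in OPAQUE_PROTOCOLS else "auto"  # auto = sniffed at runtime


def lint_policy(policy, ports):
    """Return (rule index, port, fields) for HTTP-only fields aimed at a TCP port."""
    # Service ports use "port"; ServiceEntry ports use "number" as in the answer above.
    proto_by_port = {str(p.get("port", p.get("number"))): port_protocol(p) for p in ports}
    findings = []
    for i, rule in enumerate(policy["spec"].get("rules", [])):
        http_only, target_ports = set(), set()
        for src in rule.get("from", []):
            http_only |= HTTP_ONLY_SOURCE & set(src.get("source", {}))
        for to in rule.get("to", []):
            op = to.get("operation", {})
            http_only |= HTTP_ONLY_OPERATION & set(op)
            target_ports |= set(op.get("ports", []))
        for cond in rule.get("when", []):
            if cond.get("key", "").startswith("request."):  # request.headers, request.auth.*
                http_only.add(cond["key"])
        # A rule that lists no ports applies to every port of the workload.
        for port in sorted(target_ports or proto_by_port):
            if http_only and proto_by_port.get(port) == "tcp":
                findings.append((i, port, sorted(http_only)))
    return findings


# Constructed sample input: the answer's Postgres port plus an HTTP port.
SAMPLE_PORTS = [{"number": 5432, "name": "tcp-postgres"}, {"number": 8080, "name": "http-api"}]
SAMPLE_POLICY = {"spec": {"action": "ALLOW", "rules": [
    {"from": [{"source": {"principals": ["cluster.local/ns/shop/sa/orders"]}}],
     "to": [{"operation": {"ports": ["5432"]}}]},
    {"to": [{"operation": {"ports": ["5432"], "methods": ["GET"]}}]},
    {"to": [{"operation": {"ports": ["8080"], "paths": ["/health"]}}]},
]}}

if __name__ == "__main__":
    print(lint_policy(SAMPLE_POLICY, SAMPLE_PORTS))
```

Ports classified as `auto` are not flagged, because their protocol is only decided when traffic is observed.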
