What are the failure modes if istiod is unavailable?
Istio & Service Mesh · Intermediate level
Answer
If istiod is unavailable, existing proxies generally continue forwarding traffic with their last-known-good configuration, but new config will not propagate, new or restarted sidecars may fail to get config or certificates, certificate rotation can be impacted, and injection or validation webhooks may fail depending on configuration.
Technical explanation
Existing data-plane traffic is not normally on the control-plane request path.
Risk increases during pod restarts, scaling events, certificate renewal windows, and config rollouts.
The blast radius depends on istiod replicas, PDBs, cluster DNS, API-server connectivity, and webhook failure policies.
Hands-on example
Failure test in staging:
1. Scale istiod to zero.
2. Confirm existing service calls still work.
3. Try creating a new injected pod.
4. Try applying a VirtualService change.
5. Restore istiod and verify proxy-status returns SYNCED.
Document exact failure behavior for your platform.
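The five steps above as a staging drill script. This is an added example, not part of the original answer. The namespace and Deployment names, the client and backend workloads, the probe pod and the manifest path are assumptions or hypothetical, and the proxy-status sample is constructed.

```shell
#!/usr/bin/env bash
# Staging-only istiod outage drill (added example; names below are assumptions).
NS_MESH="${NS_MESH:-istio-system}"   # assumed control-plane namespace
ISTIOD="${ISTIOD:-istiod}"           # assumed Deployment name (differs with revisions)
NS_APP="${NS_APP:-staging-app}"      # hypothetical namespace with injection enabled
VS_FILE="${VS_FILE:-vs-change.yaml}" # hypothetical VirtualService manifest

# Constructed sample of `istioctl proxy-status` text; column layout varies by version.
SAMPLE_STATUS='NAME CLUSTER CDS LDS EDS RDS ISTIOD VERSION
web-1.staging-app Kubernetes SYNCED SYNCED SYNCED SYNCED istiod-aaa 0.0.0
api-1.staging-app Kubernetes SYNCED STALE SYNCED SYNCED istiod-aaa 0.0.0'

# Reads proxy-status text on stdin. Succeeds only if there is at least one proxy
# row, every row reports SYNCED, and no row reports STALE. Prints offenders.
all_synced() {
  awk 'NR > 1 && NF > 0 {
         rows++
         if ($0 ~ /STALE/ || $0 !~ /SYNCED/) { print "not synced: " $1; bad++ }
       }
       END { if (bad > 0 || rows == 0) exit 1 }'
}

run_drill() {
  local replicas; replicas=$(kubectl -n "$NS_MESH" get deploy "$ISTIOD" -o jsonpath='{.spec.replicas}') || return 1
  # Restore istiod even if the drill is interrupted.
  trap "kubectl -n '$NS_MESH' scale deploy '$ISTIOD' --replicas=$replicas" EXIT
  kubectl -n "$NS_MESH" scale deploy "$ISTIOD" --replicas=0                 # step 1
  kubectl -n "$NS_MESH" wait --for=delete pod -l app=istiod --timeout=120s
  # Step 2: hypothetical client/backend workloads that were running before the drill.
  kubectl -n "$NS_APP" exec deploy/client -- curl -fsS -o /dev/null http://backend:8080/ \
    && echo "step 2: existing traffic OK" || echo "step 2: existing traffic FAILED"
  # Step 3: rejected outright if the injection webhook fails closed; otherwise
  # list containers to see whether the pod started without a proxy.
  if kubectl -n "$NS_APP" run drill-probe --image=busybox --restart=Never -- sleep 300; then
    kubectl -n "$NS_APP" get pod drill-probe \
      -o jsonpath='{.spec.initContainers[*].name} {.spec.containers[*].name}{"\n"}'
  else
    echo "step 3: pod creation rejected"
  fi
  # Step 4: may be rejected by the validation webhook, or accepted but not pushed.
  kubectl apply -f "$VS_FILE" || echo "step 4: VirtualService change rejected"
  kubectl -n "$NS_MESH" scale deploy "$ISTIOD" --replicas="$replicas"        # step 5
  kubectl -n "$NS_MESH" rollout status deploy/"$ISTIOD" --timeout=180s
  sleep 30   # give proxies time to reconnect before judging sync state
  istioctl proxy-status | all_synced && echo "step 5: all proxies SYNCED"
  kubectl -n "$NS_APP" delete pod drill-probe --ignore-not-found
}

if [ "${1:-}" = "run" ]; then run_drill; fi
```

Invoke it with the argument `run` against a staging cluster only; without that argument the script just defines its functions, so `all_synced` can be exercised on saved output.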