Interview › Istio & Service Mesh
How do you drain connections gracefully during a rolling update with Istio?
Istio & Service Mesh · Advanced level
Answer
To drain connections gracefully during a rolling update, I coordinate Kubernetes termination settings, application shutdown, Envoy drain duration, readiness removal, and load-balancer behavior. The pod should stop receiving new traffic before the app exits, while existing requests complete where possible.
Technical explanation
Readiness should fail first so Kubernetes removes the pod from endpoints.
The app should stop accepting new work and complete in-flight requests.
Envoy should drain downstream connections within terminationGracePeriodSeconds.
Hands-on example
Runbook:
1. Configure app graceful shutdown on SIGTERM.
2. Set terminationGracePeriodSeconds to 30-60s or workload-specific value.
3. Use preStop if needed to give endpoint removal time.
4. Configure proxy drain duration if required.
5. Load test a rolling update and verify no 5xx spike.
Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.
More Istio & Service Mesh interview questions
- What is Istio, and what are the core capabilities it provides?
- What is the difference between the Istio control plane and data plane?
- What is istiod, and what does it do?
- What is Envoy, and what role does it play in Istio?
- What is the sidecar pattern, and how does Istio inject the proxy?
- How does automatic sidecar injection work (namespace label, webhook)?
- What is the Istio ambient (sidecarless) mode, and how does it differ from sidecar mode?
- What is the difference between ztunnel and a waypoint proxy in ambient mode?