Istio Service Mesh Generator

Canary/Blue-Green Deployments, Gateways, mTLS & Authorization

Anish Nath
Quick Start Presets
Configuration
Service Info
The Kubernetes service to route to
DNS name to match (use * for all)
Version Subsets
Gateway Info
Label selector for the gateway pods
Server Config
Comma-separated list of hosts (e.g., *.example.com)
Policy Info
mTLS Configuration
STRICT is recommended for production
Authorization Policy
How to Apply
kubectl apply -f istio-config.yaml
Frequently Asked Questions

A VirtualService defines traffic routing rules. It controls how requests are routed to different versions of your service (e.g., 90% to v1, 10% to v2 for canary deployments).

A DestinationRule defines subsets of a service based on labels (e.g., version: v1). It's required for traffic splitting to work properly.

STRICT mode enforces mutual TLS for all traffic. Only encrypted, authenticated connections are allowed. This is the most secure option for production.

Istio Service Mesh FAQs

VirtualService vs DestinationRule?
VirtualService controls routing; DestinationRule defines policies (subsets, mTLS, LB) for a destination.
How to enable mTLS?
Set PeerAuthentication STRICT and DestinationRule trafficPolicy.tls=ISTIO_MUTUAL.
Canary/traffic splitting
Create version subsets and weight routes (e.g., 90/10), adding retries/timeouts where needed.

Support This Free Tool

Every coffee helps keep the servers running. Every book sale funds the next tool I'm dreaming up. You're not just supporting a site — you're helping me build what developers actually need.

500K+ users
200+ tools
100% private
One-time support Buy me a coffee 📚 Learn & support 9-Book Bundle - $9 Stay updated Follow @anish2good
Privacy Guarantee: Private keys you enter or generate are never stored on our servers. All tools are served over HTTPS.
Quick Access