If you have both Istio and the New Relic Kubernetes integration installed and enabled in your environment, issues may arise. This page describes one issue with Istio when the New Relic Kubernetes integration is installed.
Problems
When Istio is enabled in customer clusters, the Istio-deployed Envoy proxies have a Prometheus metric endpoint that exposes Prometheus metrics.
These metrics are associated with a dedicated cluster_name as xds-grpc. If you also enable the Prometheus agent in New Relic Kubernetes integration, the agent will collect these Envoy-related metrics with cluster_name as xds_grpc in addition to the metrics with cluster_name defined through global.cluster.
Run the following query to get a full list of Envoy proxy metrics:
FROM `Metric`SELECT uniques(metricName)WHERE cluster_name = 'xds-grpc' SINCE 1 week agoWhen Istio is enabled in the newrelic namespace, the New Relic Kubernetes integration pods inside that namespace may encounter networking issues and they may not even be created due to lack of network connectivity.
For example, when you see the following error message during the installation of the Kubernetes integration, it means you may have Istio enabled in the newrelic namespace and the required secret newrelic-bundle-nri-metadata-injection-admission is failing to be created due to networking connectivity issues.
W0518 02:00:14.984463 1 client_config.go:615] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.{"err":"secrets \"newrelic-bundle-nri-metadata-injection-admission\" not found","level":"info","msg":"no secret found","source":"k8s/k8s.go:229","time":"2023-05-18T02:00:15Z"} {"level":"info","msg":"creating new secret","source":"cmd/create.go:28","time":"2023-05-18T02:00:15Z"} ...Hence, we recommend customers to disable Istio in the newrelic namespace.