Protocol Selection

    Non-TCP based protocols, such as UDP, are not proxied. These protocols will continue to function as normal, without any interception by the Istio proxy but cannot be used in proxy-only components such as ingress or egress gateways.

    Istio can automatically detect HTTP and HTTP/2 traffic. If the protocol cannot automatically be determined, traffic will be treated as plain TCP traffic.

    Protocols can be specified manually in the Service definition.

    This can be configured in two ways:

    • In Kubernetes 1.18+, by the appProtocol field: appProtocol: <protocol>.

    The following protocols are supported:

    Below is an example of a Service that defines a https port by appProtocol and an http port by name:

    Instead of using explicit protocol selection, you can instruct gateways to forward requests using the same protocol as the incoming request by setting the option for a Service. Note, however, that using this option with services that do not support HTTP/2 can be risky because HTTPS gateways always advertise support for HTTP/1.1 and HTTP/2. So even when a backend service doesn’t support HTTP/2, modern clients will think it does and often choose to use it.