Istio to outside cluster communication issueIstio mTLS flowIstio Egresses with Kubernetes ServicesKubernetes with Istio Ingress Not Running on Standard HTTP Ports 443/80Configuring Istio, Kubernetes and MetalLB to use a Istio LoadBalancerReducing memory usage by ISTIO side carMultiple Istio instances in one clusterIstio ingress not working with headless serviceenvoy(istio) datadog integration
What happens to unproductive professors?
Moving millions of files to a different directory with specfic name patterns
What exactly is a "murder hobo"?
Is there a method for differentiating informative comments from commented out code?
Found and corrected a mistake on someone's else paper -- praxis?
Hail hit my roof. Do I need to replace it?
How does one acquire an undead eyeball encased in a gem?
What's it called when the bad guy gets eaten?
How to find the positions of replaced elements in a list
Why is the ladder of the LM always in the dark side of the LM?
Is it okay to use open source code to do an interview task?
What does Middle English "bihiȝten" mean?
User Vs. Connected App
Why does the Antonov AN-225 not have any winglets?
What would +1/+2/+3 items be called in game?
Would a Nikon FG 20 film SLR camera take pictures without batteries?
Four ships at the ocean with the same distance
When an electron changes its spin, or any other intrinsic property, is it still the same electron?
Password Hashing Security Using Scrypt & Argon2
VHF 50 Ω Antenna Over 75 Ω TV Coax
Is it okay to roll multiple attacks that all have advantage in one cluster?
How many tone holes are there actually in different orchestral woodwind instruments?
Would a carnivorous diet be able to support a giant worm?
Is it ok for parents to kiss and romance with each other while their 2- to 8-year-old child watches?
Istio to outside cluster communication issue
Istio mTLS flowIstio Egresses with Kubernetes ServicesKubernetes with Istio Ingress Not Running on Standard HTTP Ports 443/80Configuring Istio, Kubernetes and MetalLB to use a Istio LoadBalancerReducing memory usage by ISTIO side carMultiple Istio instances in one clusterIstio ingress not working with headless serviceenvoy(istio) datadog integration
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
In my setup we send all the calls going out of cluster to an Internal Load Balancer in GCP. We do this by creating a egress service and manually adding endpoints to this service. The endpoint to this service is the IP of the Internal load balancer.
[sourabh.w@K9-MAC-035 r19-3]$ k get svc,ep -n egproxy-lle
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/egproxy ClusterIP 10.206.180.135 80/TCP,443/TCP 4d
NAME ENDPOINTS AGE
endpoints/egproxy 10.207.132.8:30443,10.207.132.8:30080 4d
[sourabh.w@K9-MAC-035 r19-3]$
For all micro-services in my setup, they have to run an "openssl s_Client" command at startup. This command is failing for me.
openssl s_client -servername ae17-api.kohlsecommerce.com -connect ae17-api.kohlsecommerce.com:443 -debug -state
While doing this I make sure ae17-api.kohlsecommerce.com is mapped to egproxy service's IP(10.206.180.135) in /etc/hosts.
Here is the o/p when I run openssl inside pod:
root@product-26-655f4f55b6-g2bpq:/# openssl s_client -servername ae17-api.kohlsecommerce.com -connect ae17-api.kohlsecommerce.com:443 -state -debug
CONNECTED(00000003)
SSL_connect:before SSL initialization
write to 0x556dc50b2860 [0x556dc50c3a20] (212 bytes => 212 (0xD4))
0000 - 16 03 01 00 cf 01 00 00-cb 03 03 43 59 24 26 31 ...........CY$&1
0010 - 4f 13 80 47 f2 09 25 f7-ec 74 40 57 7c d0 bc c6 O..G..%..t@W|...
0020 - 18 9b a7 a3 3c 38 80 d6-f4 99 62 00 00 38 c0 2c ....<8....b..8.,
0030 - c0 30 00 9f cc a9 cc a8-cc aa c0 2b c0 2f 00 9e .0.........+./..
0040 - c0 24 c0 28 00 00 c0 23-c0 88 00 67 c0 0a c0 14 .$.(.k.#.'.g....
0050 - 00 39 c0 09 c0 00 00 33-00 9d 00 9c 00 3d 00 3c .9.....3.....=.<
0060 - 00 35 00 2f 00 ff 01 00-66 6a 00 00 00 20 00 1e .5./.....j... ..
0070 - 00 00 1b 61 65 31 37 2d-61 70 69 2e 6b 6f 68 6c ...ae17-api.
0080 - 73 65 63 6f 6d 6d 65 72-63 65 2e 63 6f 6d 00 0b ecommerce.com..
0090 - 00 04 03 00 01 02 00 8a-00 0a 00 08 00 1d 00 17 ................
00a0 - 00 19 00 18 00 00 00 66-00 16 00 00 00 17 00 00 .....#..........
00b0 - 00 0d 00 20 00 00 06 01-06 02 06 03 05 01 05 02 ... ............
00c0 - 05 03 04 01 04 02 04 03-03 01 03 02 03 03 02 01 ................
00d0 - 02 02 02 03 ....
SSL_connect:SSLv3/TLS write client hello
read from 0x556dc50b2860 [0x556dc50ba803] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
SSL_connect:error in SSLv3/TLS write client hello
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 212 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1553126020
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
I tried creating various set of serviceentries and virtualservices but nothing worked:
- With Load Balancer IP:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
generation: 1
name: egproxy-ext
namespace: r19-3-mui-qa
spec:
addresses:
- 10.207.132.8/32
endpoints:
- address: 10.207.132.8
hosts:
- istio-ilb.lle-mcommerce.com
location: MESH_INTERNAL
ports:
- name: http
number: 30080
protocol: HTTP
- name: https
number: 30443
protocol: HTTPS
resolution: STATIC
- with egproxy serivce FQDN:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: egproxy-headless-service-fqdn-ext
namespace: r19-3-mui-qa
spec:
addresses:
- 10.206.117.116/32
endpoints:
- address: 10.207.132.8
hosts:
- egproxy.egproxy-lle.svc.cluster.local
location: MESH_INTERNAL
ports:
- name: http
number: 30080
protocol: HTTP
- name: https
number: 30443
protocol: HTTPS
resolution: STATIC
- Destination rule for Load balancer:
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: egress-gateway
namespace: default
spec:
host: istio-ilb.lle-mcommerce.com
trafficPolicy:
loadBalancer:
simple: ROUND_ROBIN
portLevelSettings:
- port:
number: 30443
tls:
mode: SIMPLE
- Destination rule for egproxy service
Want the communication to work from microservices to ILB via headless egproxy service.
Workarounds like "egress-gateway" is also a viable option but for that also facing problems in putting together correct config to make it work.
istio
envoyproxy asked Mar 25 at 23:10
Stunn3rStunn3r
86 bronze badges
add a comment |
In my setup we send all the calls going out of cluster to an Internal Load Balancer in GCP. We do this by creating a egress service and manually adding endpoints to this service. The endpoint to this service is the IP of the Internal load balancer.
[sourabh.w@K9-MAC-035 r19-3]$ k get svc,ep -n egproxy-lle
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/egproxy ClusterIP 10.206.180.135 80/TCP,443/TCP 4d
NAME ENDPOINTS AGE
endpoints/egproxy 10.207.132.8:30443,10.207.132.8:30080 4d
[sourabh.w@K9-MAC-035 r19-3]$
For all micro-services in my setup, they have to run an "openssl s_Client" command at startup. This command is failing for me.
openssl s_client -servername ae17-api.kohlsecommerce.com -connect ae17-api.kohlsecommerce.com:443 -debug -state
While doing this I make sure ae17-api.kohlsecommerce.com is mapped to egproxy service's IP(10.206.180.135) in /etc/hosts.
Here is the o/p when I run openssl inside pod:
root@product-26-655f4f55b6-g2bpq:/# openssl s_client -servername ae17-api.kohlsecommerce.com -connect ae17-api.kohlsecommerce.com:443 -state -debug
CONNECTED(00000003)
SSL_connect:before SSL initialization
write to 0x556dc50b2860 [0x556dc50c3a20] (212 bytes => 212 (0xD4))
0000 - 16 03 01 00 cf 01 00 00-cb 03 03 43 59 24 26 31 ...........CY$&1
0010 - 4f 13 80 47 f2 09 25 f7-ec 74 40 57 7c d0 bc c6 O..G..%..t@W|...
0020 - 18 9b a7 a3 3c 38 80 d6-f4 99 62 00 00 38 c0 2c ....<8....b..8.,
0030 - c0 30 00 9f cc a9 cc a8-cc aa c0 2b c0 2f 00 9e .0.........+./..
0040 - c0 24 c0 28 00 00 c0 23-c0 88 00 67 c0 0a c0 14 .$.(.k.#.'.g....
0050 - 00 39 c0 09 c0 00 00 33-00 9d 00 9c 00 3d 00 3c .9.....3.....=.<
0060 - 00 35 00 2f 00 ff 01 00-66 6a 00 00 00 20 00 1e .5./.....j... ..
0070 - 00 00 1b 61 65 31 37 2d-61 70 69 2e 6b 6f 68 6c ...ae17-api.
0080 - 73 65 63 6f 6d 6d 65 72-63 65 2e 63 6f 6d 00 0b ecommerce.com..
0090 - 00 04 03 00 01 02 00 8a-00 0a 00 08 00 1d 00 17 ................
00a0 - 00 19 00 18 00 00 00 66-00 16 00 00 00 17 00 00 .....#..........
00b0 - 00 0d 00 20 00 00 06 01-06 02 06 03 05 01 05 02 ... ............
00c0 - 05 03 04 01 04 02 04 03-03 01 03 02 03 03 02 01 ................
00d0 - 02 02 02 03 ....
SSL_connect:SSLv3/TLS write client hello
read from 0x556dc50b2860 [0x556dc50ba803] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
SSL_connect:error in SSLv3/TLS write client hello
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 212 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1553126020
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
I tried creating various set of serviceentries and virtualservices but nothing worked:
- With Load Balancer IP:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
generation: 1
name: egproxy-ext
namespace: r19-3-mui-qa
spec:
addresses:
- 10.207.132.8/32
endpoints:
- address: 10.207.132.8
hosts:
- istio-ilb.lle-mcommerce.com
location: MESH_INTERNAL
ports:
- name: http
number: 30080
protocol: HTTP
- name: https
number: 30443
protocol: HTTPS
resolution: STATIC
- with egproxy serivce FQDN:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: egproxy-headless-service-fqdn-ext
namespace: r19-3-mui-qa
spec:
addresses:
- 10.206.117.116/32
endpoints:
- address: 10.207.132.8
hosts:
- egproxy.egproxy-lle.svc.cluster.local
location: MESH_INTERNAL
ports:
- name: http
number: 30080
protocol: HTTP
- name: https
number: 30443
protocol: HTTPS
resolution: STATIC
- Destination rule for Load balancer:
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: egress-gateway
namespace: default
spec:
host: istio-ilb.lle-mcommerce.com
trafficPolicy:
loadBalancer:
simple: ROUND_ROBIN
portLevelSettings:
- port:
number: 30443
tls:
mode: SIMPLE
- Destination rule for egproxy service
Want the communication to work from microservices to ILB via headless egproxy service.
Workarounds like "egress-gateway" is also a viable option but for that also facing problems in putting together correct config to make it work.
istio
envoyproxy asked Mar 25 at 23:10
Stunn3rStunn3r
86 bronze badges
add a comment |
In my setup we send all the calls going out of cluster to an Internal Load Balancer in GCP. We do this by creating a egress service and manually adding endpoints to this service. The endpoint to this service is the IP of the Internal load balancer.
[sourabh.w@K9-MAC-035 r19-3]$ k get svc,ep -n egproxy-lle
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/egproxy ClusterIP 10.206.180.135 80/TCP,443/TCP 4d
NAME ENDPOINTS AGE
endpoints/egproxy 10.207.132.8:30443,10.207.132.8:30080 4d
[sourabh.w@K9-MAC-035 r19-3]$
For all micro-services in my setup, they have to run an "openssl s_Client" command at startup. This command is failing for me.
openssl s_client -servername ae17-api.kohlsecommerce.com -connect ae17-api.kohlsecommerce.com:443 -debug -state
While doing this I make sure ae17-api.kohlsecommerce.com is mapped to egproxy service's IP(10.206.180.135) in /etc/hosts.
Here is the o/p when I run openssl inside pod:
root@product-26-655f4f55b6-g2bpq:/# openssl s_client -servername ae17-api.kohlsecommerce.com -connect ae17-api.kohlsecommerce.com:443 -state -debug
CONNECTED(00000003)
SSL_connect:before SSL initialization
write to 0x556dc50b2860 [0x556dc50c3a20] (212 bytes => 212 (0xD4))
0000 - 16 03 01 00 cf 01 00 00-cb 03 03 43 59 24 26 31 ...........CY$&1
0010 - 4f 13 80 47 f2 09 25 f7-ec 74 40 57 7c d0 bc c6 O..G..%..t@W|...
0020 - 18 9b a7 a3 3c 38 80 d6-f4 99 62 00 00 38 c0 2c ....<8....b..8.,
0030 - c0 30 00 9f cc a9 cc a8-cc aa c0 2b c0 2f 00 9e .0.........+./..
0040 - c0 24 c0 28 00 00 c0 23-c0 88 00 67 c0 0a c0 14 .$.(.k.#.'.g....
0050 - 00 39 c0 09 c0 00 00 33-00 9d 00 9c 00 3d 00 3c .9.....3.....=.<
0060 - 00 35 00 2f 00 ff 01 00-66 6a 00 00 00 20 00 1e .5./.....j... ..
0070 - 00 00 1b 61 65 31 37 2d-61 70 69 2e 6b 6f 68 6c ...ae17-api.
0080 - 73 65 63 6f 6d 6d 65 72-63 65 2e 63 6f 6d 00 0b ecommerce.com..
0090 - 00 04 03 00 01 02 00 8a-00 0a 00 08 00 1d 00 17 ................
00a0 - 00 19 00 18 00 00 00 66-00 16 00 00 00 17 00 00 .....#..........
00b0 - 00 0d 00 20 00 00 06 01-06 02 06 03 05 01 05 02 ... ............
00c0 - 05 03 04 01 04 02 04 03-03 01 03 02 03 03 02 01 ................
00d0 - 02 02 02 03 ....
SSL_connect:SSLv3/TLS write client hello
read from 0x556dc50b2860 [0x556dc50ba803] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
SSL_connect:error in SSLv3/TLS write client hello
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 212 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1553126020
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
I tried creating various set of serviceentries and virtualservices but nothing worked:
- With Load Balancer IP:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
generation: 1
name: egproxy-ext
namespace: r19-3-mui-qa
spec:
addresses:
- 10.207.132.8/32
endpoints:
- address: 10.207.132.8
hosts:
- istio-ilb.lle-mcommerce.com
location: MESH_INTERNAL
ports:
- name: http
number: 30080
protocol: HTTP
- name: https
number: 30443
protocol: HTTPS
resolution: STATIC
- with egproxy serivce FQDN:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: egproxy-headless-service-fqdn-ext
namespace: r19-3-mui-qa
spec:
addresses:
- 10.206.117.116/32
endpoints:
- address: 10.207.132.8
hosts:
- egproxy.egproxy-lle.svc.cluster.local
location: MESH_INTERNAL
ports:
- name: http
number: 30080
protocol: HTTP
- name: https
number: 30443
protocol: HTTPS
resolution: STATIC
- Destination rule for Load balancer:
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: egress-gateway
namespace: default
spec:
host: istio-ilb.lle-mcommerce.com
trafficPolicy:
loadBalancer:
simple: ROUND_ROBIN
portLevelSettings:
- port:
number: 30443
tls:
mode: SIMPLE
- Destination rule for egproxy service
Want the communication to work from microservices to ILB via headless egproxy service.
Workarounds like "egress-gateway" is also a viable option but for that also facing problems in putting together correct config to make it work.
istio
envoyproxy asked Mar 25 at 23:10
Stunn3rStunn3r
86 bronze badges
In my setup we send all the calls going out of cluster to an Internal Load Balancer in GCP. We do this by creating a egress service and manually adding endpoints to this service. The endpoint to this service is the IP of the Internal load balancer.
[sourabh.w@K9-MAC-035 r19-3]$ k get svc,ep -n egproxy-lle
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/egproxy ClusterIP 10.206.180.135 80/TCP,443/TCP 4d
NAME ENDPOINTS AGE
endpoints/egproxy 10.207.132.8:30443,10.207.132.8:30080 4d
[sourabh.w@K9-MAC-035 r19-3]$
For all micro-services in my setup, they have to run an "openssl s_Client" command at startup. This command is failing for me.
openssl s_client -servername ae17-api.kohlsecommerce.com -connect ae17-api.kohlsecommerce.com:443 -debug -state
While doing this I make sure ae17-api.kohlsecommerce.com is mapped to egproxy service's IP(10.206.180.135) in /etc/hosts.
Here is the o/p when I run openssl inside pod:
root@product-26-655f4f55b6-g2bpq:/# openssl s_client -servername ae17-api.kohlsecommerce.com -connect ae17-api.kohlsecommerce.com:443 -state -debug
CONNECTED(00000003)
SSL_connect:before SSL initialization
write to 0x556dc50b2860 [0x556dc50c3a20] (212 bytes => 212 (0xD4))
0000 - 16 03 01 00 cf 01 00 00-cb 03 03 43 59 24 26 31 ...........CY$&1
0010 - 4f 13 80 47 f2 09 25 f7-ec 74 40 57 7c d0 bc c6 O..G..%..t@W|...
0020 - 18 9b a7 a3 3c 38 80 d6-f4 99 62 00 00 38 c0 2c ....<8....b..8.,
0030 - c0 30 00 9f cc a9 cc a8-cc aa c0 2b c0 2f 00 9e .0.........+./..
0040 - c0 24 c0 28 00 00 c0 23-c0 88 00 67 c0 0a c0 14 .$.(.k.#.'.g....
0050 - 00 39 c0 09 c0 00 00 33-00 9d 00 9c 00 3d 00 3c .9.....3.....=.<
0060 - 00 35 00 2f 00 ff 01 00-66 6a 00 00 00 20 00 1e .5./.....j... ..
0070 - 00 00 1b 61 65 31 37 2d-61 70 69 2e 6b 6f 68 6c ...ae17-api.
0080 - 73 65 63 6f 6d 6d 65 72-63 65 2e 63 6f 6d 00 0b ecommerce.com..
0090 - 00 04 03 00 01 02 00 8a-00 0a 00 08 00 1d 00 17 ................
00a0 - 00 19 00 18 00 00 00 66-00 16 00 00 00 17 00 00 .....#..........
00b0 - 00 0d 00 20 00 00 06 01-06 02 06 03 05 01 05 02 ... ............
00c0 - 05 03 04 01 04 02 04 03-03 01 03 02 03 03 02 01 ................
00d0 - 02 02 02 03 ....
SSL_connect:SSLv3/TLS write client hello
read from 0x556dc50b2860 [0x556dc50ba803] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
SSL_connect:error in SSLv3/TLS write client hello
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 212 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1553126020
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
I tried creating various set of serviceentries and virtualservices but nothing worked:
- With Load Balancer IP:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
generation: 1
name: egproxy-ext
namespace: r19-3-mui-qa
spec:
addresses:
- 10.207.132.8/32
endpoints:
- address: 10.207.132.8
hosts:
- istio-ilb.lle-mcommerce.com
location: MESH_INTERNAL
ports:
- name: http
number: 30080
protocol: HTTP
- name: https
number: 30443
protocol: HTTPS
resolution: STATIC
- with egproxy serivce FQDN:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: egproxy-headless-service-fqdn-ext
namespace: r19-3-mui-qa
spec:
addresses:
- 10.206.117.116/32
endpoints:
- address: 10.207.132.8
hosts:
- egproxy.egproxy-lle.svc.cluster.local
location: MESH_INTERNAL
ports:
- name: http
number: 30080
protocol: HTTP
- name: https
number: 30443
protocol: HTTPS
resolution: STATIC
- Destination rule for Load balancer:
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: egress-gateway
namespace: default
spec:
host: istio-ilb.lle-mcommerce.com
trafficPolicy:
loadBalancer:
simple: ROUND_ROBIN
portLevelSettings:
- port:
number: 30443
tls:
mode: SIMPLE
- Destination rule for egproxy service
Want the communication to work from microservices to ILB via headless egproxy service.
Workarounds like "egress-gateway" is also a viable option but for that also facing problems in putting together correct config to make it work.
istio
envoyproxy istio
envoyproxy asked Mar 25 at 23:10
Stunn3rStunn3r
86 bronze badges
asked Mar 25 at 23:10
Stunn3rStunn3r
86 bronze badges
asked Mar 25 at 23:10
Stunn3rStunn3r
86 bronze badges
asked Mar 25 at 23:10
Stunn3rStunn3r
86 bronze badges
asked Mar 25 at 23:10
Stunn3rStunn3r
86 bronze badges
86 bronze badges
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
In Istio, to access a service, you need to configure either Kubernetes Service or Istio ServiceEntry. You may need to disable mutual TLS. See this preliminary example https://deploy-preview-3899--preliminary-istio.netlify.com/docs/examples/advanced-gateways/egress-kubernetes-services/.
answered Mar 28 at 8:38
Vadim EisenbergVadim Eisenberg
2,2591 gold badge10 silver badges9 bronze badges
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55347688%2fistio-to-outside-cluster-communication-issue%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
In Istio, to access a service, you need to configure either Kubernetes Service or Istio ServiceEntry. You may need to disable mutual TLS. See this preliminary example https://deploy-preview-3899--preliminary-istio.netlify.com/docs/examples/advanced-gateways/egress-kubernetes-services/.
answered Mar 28 at 8:38
Vadim EisenbergVadim Eisenberg
2,2591 gold badge10 silver badges9 bronze badges
add a comment |
In Istio, to access a service, you need to configure either Kubernetes Service or Istio ServiceEntry. You may need to disable mutual TLS. See this preliminary example https://deploy-preview-3899--preliminary-istio.netlify.com/docs/examples/advanced-gateways/egress-kubernetes-services/.
answered Mar 28 at 8:38
Vadim EisenbergVadim Eisenberg
2,2591 gold badge10 silver badges9 bronze badges
add a comment |
In Istio, to access a service, you need to configure either Kubernetes Service or Istio ServiceEntry. You may need to disable mutual TLS. See this preliminary example https://deploy-preview-3899--preliminary-istio.netlify.com/docs/examples/advanced-gateways/egress-kubernetes-services/.
answered Mar 28 at 8:38
Vadim EisenbergVadim Eisenberg
2,2591 gold badge10 silver badges9 bronze badges
In Istio, to access a service, you need to configure either Kubernetes Service or Istio ServiceEntry. You may need to disable mutual TLS. See this preliminary example https://deploy-preview-3899--preliminary-istio.netlify.com/docs/examples/advanced-gateways/egress-kubernetes-services/.
answered Mar 28 at 8:38
Vadim EisenbergVadim Eisenberg
2,2591 gold badge10 silver badges9 bronze badges
edited Mar 30 at 7:01
answered Mar 28 at 8:38
Vadim EisenbergVadim Eisenberg
2,2591 gold badge10 silver badges9 bronze badges
answered Mar 28 at 8:38
Vadim EisenbergVadim Eisenberg
2,2591 gold badge10 silver badges9 bronze badges
answered Mar 28 at 8:38
Vadim EisenbergVadim Eisenberg
2,2591 gold badge10 silver badges9 bronze badges
2,2591 gold badge10 silver badges9 bronze badges
add a comment |
add a comment |
Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.
Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55347688%2fistio-to-outside-cluster-communication-issue%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
