According to Deep dive into Envoy configuration doc each POD exposes virtual listener on POD IP:Port in Envoy.
Original part:
If you query the listener summary on a pod you will notice Istio generates the following listeners:
- A listener on
0.0.0.0:15006that receives all inbound traffic to the pod and a listener on0.0.0.0:15001that receives all outbound traffic to the pod, then hands the request over to a virtual listener.- A virtual listener per service IP, per each non-HTTP for outbound TCP/HTTPS traffic.
- A virtual listener on the pod IP for each exposed port for inbound traffic.
- A virtual listener on
0.0.0.0per each HTTP port for outbound HTTP traffic.
Is that still true for istio 1.10.3, because I cannot find this listener.
Example:
My httpbin POD is: 172.17.0.8, and httbin Container port is 80. So according to the doc asking for the listeners:
istioctl pc listeners deploy/httpbin -n bar
should yield 172.17.0.8:80 somewhere in the list of all listeners, but I can’t see that.
ADDRESS PORT MATCH DESTINATION
10.96.0.10 53 ALL Cluster: outbound|53||kube-dns.kube-system.svc.cluster.local
0.0.0.0 80 Trans: raw_buffer; App: HTTP Route: 80
0.0.0.0 80 ALL Non-HTTP/Non-TCP
10.100.190.183 443 ALL Cluster: outbound|443||istiod.istio-system.svc.cluster.local
10.101.221.100 443 ALL Cluster: outbound|443||istio-ingressgateway.istio-system.svc.cluster.local
10.105.206.194 443 ALL Cluster: outbound|443||istio-egressgateway.istio-system.svc.cluster.local
10.96.0.1 443 ALL Cluster: outbound|443||kubernetes.default.svc.cluster.local
0.0.0.0 8000 Trans: raw_buffer; App: HTTP Route: 8000
0.0.0.0 8000 ALL Non-HTTP/Non-TCP
10.96.0.10 9153 Trans: raw_buffer; App: HTTP Route: kube-dns.kube-system.svc.cluster.local:9153
10.96.0.10 9153 ALL Cluster: outbound|9153||kube-dns.kube-system.svc.cluster.local
0.0.0.0 15001 Addr: *:15001 Non-HTTP/Non-TCP
0.0.0.0 15001 ALL Non-HTTP/Non-TCP
0.0.0.0 15006 Addr: *:15006 Non-HTTP/Non-TCP
0.0.0.0 15006 Trans: tls; App: istio-http/1.0,istio-http/1.1,istio-h2; Addr: 0.0.0.0/0 InboundPassthroughClusterIpv4
0.0.0.0 15006 Trans: tls; Addr: 0.0.0.0/0 InboundPassthroughClusterIpv4
0.0.0.0 15006 Trans: raw_buffer; Addr: *:80 Cluster: inbound|80||
0.0.0.0 15010 Trans: raw_buffer; App: HTTP Route: 15010
0.0.0.0 15010 ALL Non-HTTP/Non-TCP
10.100.190.183 15012 ALL Cluster: outbound|15012||istiod.istio-system.svc.cluster.local
0.0.0.0 15014 Trans: raw_buffer; App: HTTP Route: 15014
0.0.0.0 15014 ALL Non-HTTP/Non-TCP
0.0.0.0 15021 ALL Inline Route: /healthz/ready*
10.101.221.100 15021 Trans: raw_buffer; App: HTTP Route: istio-ingressgateway.istio-system.svc.cluster.local:15021
10.101.221.100 15021 ALL Cluster: outbound|15021||istio-ingressgateway.istio-system.svc.cluster.local
0.0.0.0 15090 ALL Inline Route: /stats/prometheus*