Access MySQL/MariaDB with DNS through Istio

I have a MariaDB/MySQL cluster deployed in Kubernetes w/ Istio injection enabled in the namespace. The database cluster works fine. The primary server is running on port 3306 with mariadb-primary as the service name.

I would like to externally connect to my MariaDB instance using DNS (e.g. mariadb.example.com), but am not able to make it work & I can’t seem to find the answer anywhere.

What I have so far:

Default gateway, deployed in istio-system.

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  namespace: istio-system
  name: default-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
    - port:
        number: 3306
        name: mysql
        protocol: TCP
      hosts:
        - "*"
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "*"
      tls:
        httpsRedirect: true

MariaDB deployment (only VirtualService part)

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: mariadb
  namespace: mariadb
spec:
  hosts:
    - mariadb.example.com
  gateways:
    - istio-system/default-gateway
  tcp:
    - match:
        - port: 3306
      route:
        - destination:
            host: mariadb-primary # Name of the service
            port:
              number: 3306

When I try to connect to mariadb.example.com:3306 however it does not work (connection refused).

Any help appreciated!!

Hi, did you ever figure out a solution to this? My setup looks exactly the same, but nothing external to the cluster can reach my MySQL service.

Add me to this list. Trying to work it out and getting nowhere.

You have to expose port 3306 for istio-gateway.

During Istio install:

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  components:
    ingressGateways:
      - namespace: istio-system
        name: istio-ingressgateway
        enabled: true
        k8s:
          service:
            ports:
              - port: 15021
                targetPort: 15021
                name: status-port
                protocol: TCP
              - port: 80
                targetPort: 8080
                name: http2
                protocol: TCP
              - port: 443
                targetPort: 8443
                name: https
                protocol: TCP
              - port: 3306
                targetPort: 3306
                name: tcp-mysql
                protocol: TCP
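
An added example, not part of the original posts or of Istio's own tooling: a Python check that cross-references the Gateway server ports from the question with the ports published by the ingress gateway Service in the answer. The JSON is constructed sample data trimmed from the manifests in this thread; the "before" Service without 3306 and the name `audit_ports` are assumptions.

```python
import json

# Constructed sample data, trimmed to the fields the check reads. On a cluster:
#   kubectl -n istio-system get gateway default-gateway -o json
#   kubectl -n istio-system get svc istio-ingressgateway -o json
GATEWAY = json.loads("""
{"spec": {"selector": {"istio": "ingressgateway"}, "servers": [
  {"port": {"number": 3306, "name": "mysql", "protocol": "TCP"}, "hosts": ["*"]},
  {"port": {"number": 80, "name": "http", "protocol": "HTTP"}, "hosts": ["*"]}]}}
""")
# Assumed state before the fix: a Service without the 3306 entry.
SERVICE_BEFORE = json.loads("""
{"spec": {"ports": [
  {"name": "status-port", "port": 15021, "targetPort": 15021, "protocol": "TCP"},
  {"name": "http2", "port": 80, "targetPort": 8080, "protocol": "TCP"},
  {"name": "https", "port": 443, "targetPort": 8443, "protocol": "TCP"}]}}
""")
# State after applying the IstioOperator ports list from the answer.
SERVICE_AFTER = json.loads(json.dumps(SERVICE_BEFORE))  # deep copy
SERVICE_AFTER["spec"]["ports"].append(
    {"name": "tcp-mysql", "port": 3306, "targetPort": 3306, "protocol": "TCP"})

STATUS_PORT = 15021  # gateway health-check port, not a traffic port


def audit_ports(gateway, service):
    """Cross-check Gateway server ports against the ingress Service ports."""
    published = {p["port"]: p for p in service["spec"].get("ports", [])}
    declared = {s["port"]["number"]: s["port"]
                for s in gateway["spec"].get("servers", [])}
    return {
        # Declared in the Gateway but not published by the Service:
        # outside clients cannot connect on this port.
        "unreachable": sorted(set(declared) - set(published)),
        # Published by the Service but handled by no Gateway server:
        # an open port worth closing or configuring.
        "published_unused": sorted(
            set(published) - set(declared) - {STATUS_PORT}),
    }


if __name__ == "__main__":
    for label, svc in (("before", SERVICE_BEFORE), ("after", SERVICE_AFTER)):
        print(label, audit_ports(GATEWAY, svc))
```

Running the same comparison after every gateway change also shows which Service ports are published without any Gateway server behind them.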
  

@gawsoftpl
Can you take a look at this? I want to achieve TLSRoute using SNI. Thanks!