Access Mysql/MariaDB with DNS through Istio

Sander_Decoster · December 9, 2021, 2:38pm

I have a MariaDB/MySQL cluster deployed in Kubernetes w/ Istio injection enabled in the namespace. The database cluster works fine. The primary server is running on port 3306 with mariadb-primary as the service name.

I would like to externally connect to my MariaDB instance using DNS (e.g. mariadb.example.com), but am not able to make it works & I can’t seem to find the answer anywhere.

What I have so far:

Default gateway, deployed in istio-system.

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  namespace: istio-system
  name: default-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
    - port:
        number: 3306
        name: mysql
        protocol: TCP
      hosts:
        - "*"
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "*"
      tls:
        httpsRedirect: true

MariaDB deployment (only VirtualService part)

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: mariadb
  namespace: mariadb
spec:
  hosts:
    - mariadb.example.com
  gateways:
    - istio-system/default-gateway
  tcp:
    - match:
        - port: 3306
      route:
        - destination:
            host: mariadb-primary # Name of the service
            port:
              number: 3306

When I try to connect to mariadb.example.com:3306 however it does not work (connection refused).

Any help appreciated!!

jacob3 · April 4, 2022, 5:05pm

Hi, did you ever figure out a solution to this? My setup looks exactly the same, but nothing external to the cluster can reach my MySQL service.

Paul · December 21, 2022, 12:56pm

Add me to this list. Trying to work it out and getting nowhere.

gawsoftpl · March 18, 2023, 4:34pm

You have to expose 3306 port for istio-gateway.

During install istio

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  components:
    ingressGateways:
      - namespace: istio-system
        name: istio-ingressgateway
        enabled: true
        k8s:
          service:
            ports:
              - port: 15021
                targetPort: 15021
                name: status-port
                protocol: TCP
              - port: 80
                targetPort: 8080
                name: http2
                protocol: TCP
              - port: 443
                targetPort: 8443
                name: https
                protocol: TCP
              - port: 3306
                targetPort: 3306
                name: tcp-mysql
                protocol: TCP

raven · March 20, 2023, 2:27am

@gawsoftpl
Can you take a look at this? I want to achieve TLSRoute using SNI. Thanks!

Topic		Replies	Views
MySQL/MariaDB + istio TLS Passthrough routing based on SNI Networking	10	2060	August 10, 2023
Istio egress: mtls connexion to mariadb from kubernetes cluster	0	1169	August 13, 2021
Istio as proxy to connect tcp service (mysql host on port 3306) Networking	0	716	July 16, 2021
TCP egress gateway to AWS RDS cluster Networking	3	3347	August 6, 2019
Connect Miroservice to external mysql database through egress and service entry	0	735	August 24, 2022

Access Mysql/MariaDB with DNS through Istio

Related topics