I have deployed istio 1.1.6 with mtls enabled globally and prometheus enabled. I am attempting to use flagger for canary deployments (https://github.com/weaveworks/flagger)
If i deploy flagger and flagger-load within the mesh, flagger can’t communicate with prometheus. If i deploy flagger and flagger-load outside of the mesh, flagger-load can’t communicate with my applications. If i deploy flagger outside the mesh and flagger-load inside the mesh, flagger can’t communicate with flagger-load.
I opted to deploy both flagger and flagger-load within the mesh and deployed the below DR to the istio-system namespace. When i attempt to connect to prometheus i get this response: Connection reset by peer
apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: flagger-prometheus spec: host: "prometheus.istio-system.svc.cluster.local" trafficPolicy: tls: mode: DISABLE
I expect this specific host DR to have precedence over the default *.local DR. Am i wrong about how the precedence works?