I am facing an issue in 1.1 (pre-1.1.3, though) when the sidecar seems to block all downstream connections on port 8080 an other ports used for services in istio-system. I undertsand that this is expected for external service requests, but it is happening for all requests (e.g. request to
http://my-svc.my-namespace:8080/foo/bar returns 404).
Could you please explain how to prevent the blocking? For simplicity I am testing with
my-svc being a regular kubernetes service (not a virtual service). Is the only option (besides upgrade to 1.1.3+) avoiding ports 80, 443, 3000, 8060, 8080, 9091, 150xx, 15433 and maybe some others I’ve missed? How does it come that other ports (elasticsearch, jaeger) are not blocked?