Hi,
As per the documentation here:
https://istio.io/docs/tasks/traffic-management/egress/
By default, Istio-enabled services are unable to access URLs outside of the cluster because the pod uses iptables to transparently redirect all outbound traffic to the sidecar proxy, which only handles intra-cluster destinations.
However, this is not the case with a clean installation using 1.1.0-rc0
. Is this a regression or a new feature that allows all external traffic by default?
Clearly my Pods’ sidecars don’t provide value for the -i
flag:
Init Containers:
istio-init:
Container ID: docker://2f31939cd6a436b46e02c75c4c9a481f7c64a45383e2322ecedcf18dff370beb
Image: docker.io/istio/proxy_init:1.1.0-rc.0
Image ID: docker-pullable://istio/proxy_init@sha256:67f698c143b05464b66fdfcbf07f8d9485e13bdf246137a175d23cee5e0d9965
Port: <none>
Host Port: <none>
Args:
-p
15001
-u
1337
-m
REDIRECT
-i
-x
-b
-d
15020