I have a few questions about Istio and Kubernetes and how to solve my issues to make it work with Cassandra when mTLS is on. I’m able to have my Cassandra cluster up by making Cassandra listen on localhost and adding a route to allow the local Cassandra to talk to its POD_IP. I need it to be able to use JMX calls locally and remotely.
The first issue I’ve noted is that if the corresponding Service contains a port where no listener is running, Istio fails. I don’t know if it’s intentional but it took some time to figure it out.
The second issue I have is that I need to add that route. To do it I use another container running image istio/proxyv2:1.1.7, because my k8s cluster is limited to a set of images and if I can reuse the one Istio uses that would make it easier. However, this container does not provide dumb-init, and because of it and the way I run my commands, it takes a super long time to delete my StatefulSet (see deployment file). Do you see another way to do it without dumb-init?
Is there a way to add that route using EnvoyFilter or anything else?
Here is the command I use to add that route:
iptables -t nat -I ISTIO_OUTPUT -d $(POD_IP) -j RETURN
My deployment file: https://pastebin.com/vXDkQ9CD