[Question] Enable in-mesh pod to communicate with another in-mesh pod using PodIP (mTLS enabled)

spikecurtis · February 25, 2019, 11:30pm

Fundamentally, Istio is designed to work with services, not direct Pod IPs. It is a Service Mesh afterall.

If your application is designed to directly use pod IPs you have a couple of options:

Disable Istio for this communication
Add a new ServiceEntry manually that identifies the IP address and associates it with a “service.” In this ServiceEntry, set addresses to the pod IP, and resolution to NONE.

Using (2) for a Pod IP is likely to be brittle. If the pod goes down and is rescheduled with a new IP, connectivity to it will break until you update the ServiceEntry.

Topic		Replies	Views
Istio 1.6.6 breaks auto mTLS for Pod to Pod (by PodIP) Networking	0	795	July 30, 2020
Pod to pod mTLS failure with OPENSSL_internal:WRONG_VERSION_NUMBER	0	739	June 29, 2020
Is it possible to create a Redis Cluster within Kubernetes using a Istio Search Mesh?	4	4565	September 23, 2021
Istio-mTLS and POD IP, Port Networking	5	3148	July 24, 2020
ClusterIP networking on istio injected pods not working Networking	1	1281	July 11, 2019

[Question] Enable in-mesh pod to communicate with another in-mesh pod using PodIP (mTLS enabled)

Related Topics