We are using istio 1.3.3 on an openshift 3.11 cluster. We have our own application deployed that uses TCP/IP connect all of our containers together. We have our own service that we have defined as follows:
kind: Service apiVersion: v1 metadata: name: custom annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: true spec: selector: app: custom publishNotReadyAddresses: true clusterIP: None ports: - protocol: TCP name: tcp-group port: 3100
Our application looks up the ‘custom’ service using DNS and then connects to other containers in the mesh that also have that service. Up until recently, when we did this the source IP on the socket connection correctly reflected one of the containers IP addresses (10.129.0.x, 10.128.1.x). Now something has changed and whenever one of the sockets connects in it has a source IP address of 127.0.0.1. We think that this is because the istio-proxy is intercepting the inbound service call and losing the source IP address, but we don’t know why this has changed.
Has anyone got any ideas?