Stil looking for a way to avoid Envoy capturing requests when using direct IP

Hi,

I posted several months ago this: https://github.com/istio/istio/issues/8836

Roughly an injected microservice was trying to reach a Redis master directly by its IP, and this Redis didn’t have Envoy sidecars but it was failing “connection reset by peer”.

On the GitHub issue I received as advice to exclude all my pods (PodCIDR) from Istio list. But since the PodCIDR range is moving after each Kubernetes update, I’m looking for a stable solution.

How could I do to bypass this annoying issue? Is there a way to exclude Istio/Envoy catching requests on port 6379 (Redis port)?

Thank you,

Hello Sneko,

Facing a similar issue. Did you get a resolution for it.
If so, could you post the resolution and it will be very much helpful.

Regards,
Anil

Hi @Anil_Kumar_Koduri,

I switched over a Redis operator (https://github.com/amaizfinance/redis-operator).

This one will update the Kubernetes service to always target the Redis master even if this one changes between all “nodes (master/slaves)” in your Redis cluster.

Like that, I can reach it through service and Istio won’t put me in trouble with direct IP and PodCIDR :wink:

Hope this helps,

Hi @sneko,

Thanks for your reply. Currently I am facing this issue with Redis on K3-cluster with Istio injection in that namespace.
But the provided Redis Operator belongs to K8s deployment. Looked into the CRDs.
If you get any info on it, kindly share me and is very much appreciated.

Best Regards,
Anil