Roughly an injected microservice was trying to reach a Redis master directly by its IP, and this Redis didn’t have Envoy sidecars but it was failing “connection reset by peer”.
On the GitHub issue I received as advice to exclude all my pods (PodCIDR) from Istio list. But since the PodCIDR range is moving after each Kubernetes update, I’m looking for a stable solution.
How could I do to bypass this annoying issue? Is there a way to exclude Istio/Envoy catching requests on port 6379 (Redis port)?
This one will update the Kubernetes service to always target the Redis master even if this one changes between all “nodes (master/slaves)” in your Redis cluster.
Like that, I can reach it through service and Istio won’t put me in trouble with direct IP and PodCIDR
Thanks for your reply. Currently I am facing this issue with Redis on K3-cluster with Istio injection in that namespace.
But the provided Redis Operator belongs to K8s deployment. Looked into the CRDs.
If you get any info on it, kindly share me and is very much appreciated.
