I am following example for TCP authorization for MongoDB https://istio.io/docs/tasks/security/authz-tcp/
I carefully followed each step but even after defining Destination Rules, VS, Service Role and Service Role binding, the productpage
still shows Rating service is currently unavailable
.
The output from istioctl authn tls-check
for ratings-v2
is as follows - which shows OK.
# istioctl authn tls-check ratings-v2-54f78f7c8c-2b22l | grep -i ratings
ratings.istio-lab.svc.cluster.local:9080 OK mTLS mTLS default/istio-lab ratings/istio-lab
But when I try to see ratings-v2
relationship with mongodb
.
istioctl authn tls-check ratings-v2-54f78f7c8c-2b22l | grep -i mongodb
mongodb.istio-lab.svc.cluster.local:27017 CONFLICT mTLS HTTP default/istio-lab -
What is the reason that mongodb
service is at conflict with ratings-v2
and how could I correct this? This looks like a possible case as why Ratings
does not show on the roductpage
.
Help is appreciated.