问题
How do you allow all outbound traffic with Istio?
I tried the following:
- Disable the egress gateway and bypass the sidecar with --set global.proxy.includeIPRanges="0.0.0.0/0\,0.0.0.0/0"
None of the options work, worth to mention I'm using kubernetes 1.11.2
回答1:
I assume you followed this, that's pretty much the way to do it.
Make sure that you update the istio-sidecar-injector ConfigMap on your namespace and restart your pods.
回答2:
Doing **global.proxy.includeIPRanges: "0.0.0.0" ** won't work. Its probably by defualt 0.0.0.0. The global.proxy.includeIPRanges tells istio what IPs are included in the mesh and you want the opposite.
So if your k8s svc CIDR is 10.244.0.0/16 do global.proxy.includeIPRanges: "10.244.0.0/16" everything out of that range will bypass istio
回答3:
@user399256 if you are using helm charts you just edit that under values.yaml than you have to implement the change as explained in: this actually did anyone try to allow all traffic using global.proxy.includeIPRanges: "0.0.0.0" ? did it work? is there maybe more elegant way ?
来源:https://stackoverflow.com/questions/52682911/istio-to-allow-all-egress-traffic