1. 技术文章
  2. Istio - Connect to an external ip

Istio - Connect to an external ip

人盡茶涼 提交于 2020-12-13 07:00:17

问题


I installed Istio with

gateways.istio-egressgateway.enabled = true

When I try to connect to external database I receive an error. I do not have a domain (only ip and port), so I define the following rules:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: external-db
spec:
  hosts:
  - external-db.tcp.svc
  addresses:
  - 190.64.31.232/32
  ports:
  - number: 3306
    name: tcp
    protocol: TCP
  location: MESH_EXTERNAL
  resolution: STATIC
  endpoints:
  - address: 190.64.31.232

then I open a Shell in my system (deployed in my service mesh) And it can't resolve the name 

$ ping external-db.tcp.svc
ping: ceip-db.tcp.svc: Name or service not known

But i can connect using the ip address

$ ping 190.64.31.232
PING 190.64.31.232 (190.64.31.232) 56(84) bytes of data.
64 bytes from 190.64.31.232: icmp_seq=1 ttl=249 time=1.35 ms
64 bytes from 190.64.31.232: icmp_seq=2 ttl=249 time=1.42 ms

What is happening? Do I have to connect using the domain or the ip? Can I define a internal domain for my external ip?


回答1:


You can create headless service with hardcoded IP endpoint: 

---
apiVersion: v1
kind: Service
metadata:
  name: external-db
spec:
  clusterIP: None
  ports:
  - protocol: TCP
    port: 3306
---
apiVersion: v1
kind: Endpoints
metadata:
  name: external-db
subsets:
  - addresses:
    - ip: 190.64.31.232
    ports:
    - port: 3306

And then you may add to your ServiceEntry a host external-db.default.svc.cluster.local




回答2:


The problem is resolving the DNS which basically relates to the configuration of resolution in your ServiceEntry.

Based on istio's documentation:

Resolution determines how the proxy will resolve the IP addresses of the network endpoints associated with the service, so that it can route to one of them.

Since you have configured it as STATIC, you are telling istio-proxy/envoy to look for an Endpoint for resolving that DNS name; hence you need to define an Endpoint as Vasily suggested.

Another easy way, if that DNS name is defined outside of your mesh, is just changing the resolution to DNS which will force istio-proxy to query DNS server during request processing.



来源:https://stackoverflow.com/questions/56094753/istio-connect-to-an-external-ip

标签
Kubernetes
Istio
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!