问题
I am trying to implement service mesh using istio and envoy for a service which requires connecting to external mongodB server but for some reasons, my service is unable to reach the external mongodB server from istio proxy
Below is the gateway and virtual service configuration for my service
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: gtreviews
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 7890
name: http
protocol: GRPC
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- "*"
gateways:
- gtreviews
http:
- match:
- uri:
prefix: "/reviews"
route:
- destination:
port:
number: 8080
host: reviews.istio-system.svc.cluster.local
I added egress service entry but still doesn't work
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: external-svc-mongocluster
spec:
hosts:
- xxx.xx.com
ports:
- name: mongo
number: 27017
protocol: tcp
location: MESH_EXTERNAL
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: external-svc-mongocluster
spec:
hosts:
- xxx.xx.com
tcp:
- match:
route:
- destination:
host: xxx.xx.com
port:
number: 27017
weight: 100
回答1:
Try to specify the port in the ServiceEntry as TLS (the name and the protocol).
I am working on a task regarding MongoDB right now, check the "Egress control for TLS" section in this PR https://github.com/istio/istio.io/pull/2347/, it is a bit raw yet.
来源:https://stackoverflow.com/questions/52857667/unable-to-reach-an-external-mongo-db-server-from-istio