Can I enable pod to pod (via pod IP) communication with Istio?

1
votes

Currently running an EKS 1.14 cluster with Istio 1.5.1 and STRICT global mTLS enabled. I have a StatefulSet that has multiple pods, where one pod is elected leader and the other pods need to communicate with the leader (think rabbitMQ, cassandra, kafka).

Without Istio the communication from podA to podB works without issues by running curl -v <podA-IP> on podB. With Istio however the curl returns

curl -v 10.0.20.28:9080
* Rebuilt URL to: 10.0.20.28:9080/
*   Trying 10.0.20.28...
* TCP_NODELAY set
* Connected to 10.0.20.28 (10.0.20.28) port 9080 (#0)
> GET / HTTP/1.1
> Host: 10.0.20.28:9080
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 502 Bad Gateway
< date: Tue, 07 Apr 2020 14:51:59 GMT
< server: envoy
< content-length: 0
<
* Curl_http_done: called premature == 0
* Connection #0 to host 10.0.20.28 left intact

I understand that Istio is geared towards services and ideally we would just always use a service instead of a direct pod to pod connection, but in this case I do need to talk to a specific pod (whose IP is being propagated to the other pods).

Is there a way of contacting another pod by IP that is not:

  • Turning Istio off
  • Adding a ServiceEntry to treat it as an external service

Thanks in advance!

Edit: It seems to work with

curl -vvv -H "Host: serviceB" 10.0.20.28:port/page

as well, unless that's just

curl -v serviceB:port/page

in disguise.

1
kubernetesistio
i have same problem but getting 503 instead of 502. asked the question on istio discussion portal, discuss.istio.io/t/503-between-pod-to-pod-communication-1-5-1/…Deepak Deore
I found a workaround with a headless service, but unsure how it works.char

1 Answers

0
votes

Istio actually allows Pod to Pod. What you experience may be exactly the same problem I had here: Istio direct Pod to Pod communication.

You can read the thread, but in short you may be starting your communication before the Envoy sidecar is initialized, so some delaying may solve your issue.