I have a server app listening on port 8000 and a client app which makes a TCP connection to the server. I want to use the Istio sidecar to redirect the TCP traffic, so I did:
apiVersion: v1
kind: Service
metadata:
  name: hello-server
  labels:
    app: hello-server
    service: hello-server
spec:
  ports:
  - name: tcp
    port: 8000
  selector:
    app: hello-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-server
  labels:
    app: hello-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello-server
  template:
    metadata:
      labels:
        app: hello-server
    spec:
      containers:
      - name: hello-server
        image: server_test
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8000
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-client
  labels:
    app: hello-client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello-client
  template:
    metadata:
      labels:
        app: hello-client
    spec:
      containers:
      - name: hello-client
        image: client_test
        imagePullPolicy: IfNotPresent
What should the VirtualService YAML be?
Letting the workload (the app itself) connect to "localhost:port" and hoping istio-proxy (the Envoy sidecar) will redirect it out is incorrect usage, at least in the current Istio version (1.7). The Istio iptables configuration shell script prohibits this by:
# Do not redirect app calls to back itself via Envoy when using the endpoint address
# e.g. appN => appN by lo
iptables -t nat -A ISTIO_OUTPUT -o lo -m owner ! --gid-owner "${gid}" -j RETURN
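
An added example, not part of the original answer: a minimal VirtualService that routes TCP port 8000 to the hello-server Service from the question. It assumes the client dials hello-server:8000 (the Service name) rather than localhost, that both pods have the sidecar injected, and that all resources are in the same namespace.

```yaml
# Added example (not from the original post).
# Assumption: the client connects to hello-server:8000, not localhost:8000,
# so the traffic leaves the pod and is captured by the sidecar instead of
# hitting the "-o lo ... -j RETURN" rule shown above.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: hello-server
spec:
  hosts:
  - hello-server            # short name of the Service in the same namespace
  tcp:                      # L4 routing; no HTTP attributes are available here
  - match:
    - port: 8000            # the Service port the client dials
    route:
    - destination:
        host: hello-server
        port:
          number: 8000
```

The Service port is already named `tcp`, which is what tells Istio to treat it as opaque TCP rather than trying to detect the protocol.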