无法从istio访问外部mongo数据库服务器 [英] Unable to reach an external mongo db server from istio
问题描述
我正在尝试使用istio和envoy为需要连接到外部mongodB服务器的服务实现服务网格,但是由于某些原因,我的服务无法从istio代理访问外部mongodB服务器
I am trying to implement service mesh using istio and envoy for a service which requires connecting to external mongodB server but for some reasons, my service is unable to reach the external mongodB server from istio proxy
下面是我的服务的网关和虚拟服务配置
Below is the gateway and virtual service configuration for my service
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: gtreviews
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 7890
name: http
protocol: GRPC
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- "*"
gateways:
- gtreviews
http:
- match:
- uri:
prefix: "/reviews"
route:
- destination:
port:
number: 8080
host: reviews.istio-system.svc.cluster.local
我添加了出口服务条目,但仍然无法正常运行
I added egress service entry but still doesn't work
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: external-svc-mongocluster
spec:
hosts:
- xxx.xx.com
ports:
- name: mongo
number: 27017
protocol: tcp
location: MESH_EXTERNAL
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: external-svc-mongocluster
spec:
hosts:
- xxx.xx.com
tcp:
- match:
route:
- destination:
host: xxx.xx.com
port:
number: 27017
weight: 100
推荐答案
尝试将ServiceEntry中的端口指定为TLS(名称和协议).
Try to specify the port in the ServiceEntry as TLS (the name and the protocol).
我现在正在处理有关MongoDB的任务,请检查此PR https://github.com/istio/istio.io/pull/2347/,这还很原始.
I am working on a task regarding MongoDB right now, check the "Egress control for TLS" section in this PR https://github.com/istio/istio.io/pull/2347/, it is a bit raw yet.
这篇关于无法从istio访问外部mongo数据库服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
