K
Q

Istio limit access to Google cloud resources

7/28/2017

I have a service running o Google Container Engine(Kubernetes). It access Google Cloud Storage and works fine.

On the same Kubernetes cluster, I installed Istio 0.1 following to https://istio.io/v-0.1/docs/tasks/installing-istio.html

I deploy my service via kube-inject kubectl create -f <(istioctl kube-inject -f myservice.yaml) But now my service cannot access Google Cloud Storage any more. I get the following error message:

java.lang.IllegalArgumentException: A project ID is required for this service but could not be determined from the builder or the environment. Please set a project ID using the builder.

To me it looks like the kube-inject and the sidecar make something so my service cannot access information about my google cloud project I am running in. As far as I can see is the sidecar the only difference.

Service still works when deploying without kube-inject.

What can cause this effect?

-- Magnus Runesson
google-cloud-platform
istio
kubernetes

Similar Questions

Can ReadWriteOnce PVC be rejected by AWS EBS/GCP PersistentDisk upon Pod Rescheduling?
Jenkins kubernetes plugin not passing environment variables with Pipeline
Kubernetes- Helm upgrade not working
Exposing kubernetes service using elastic ip address on aws

1 Answer

7/28/2017

You may want to configure access to your external services as explained in Enabling Egress Traffic: either as Kubernetes external services or to use istioctl --includeIPRanges to exclude external traffic from being controlled by Istio.

-- Vadim Eisenberg
Source: StackOverflow