Step 1. I deployed redis without envoy sidecar. https://github.com/kubernetes/charts/tree/master/stable/redis
When running a regis-cli in another pod which does not have envoy, redis connection working ok. => Proved redis itself functions.
Step 2. Deployed a service in another pod which has envoy sidecar inject.
When trying to connect from the service to redis, the connection is not able to set up.
spec: destination: service: "*" ports: - port: 6379 protocol: redis
Does anyone have suggestions/ideas?
If you use Istio 0.3.0, the problem you are experiencing was fixed by this PR https://github.com/istio/istio/pull/1915 . In Istio 0.4.0, this problem does not exist.
Alternatively, clone https://github.com/kubernetes/charts/tree/master/stable/redis and edit https://github.com/kubernetes/charts/blob/master/stable/redis/templates/svc.yaml#L24 - change the name of the port to be "tcp" instead of "redis".
you ll have to create service entry to connect redis from your envoy enabled service as shown below
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: external-svc-redis
spec:
hosts:
- "REDIS_ENDPOINT"
location: MESH_EXTERNAL
ports:
- number: 6379
name: http
protocol: REDIS
resolution: NONE$ kubectl apply -f external-svc-redis.yaml
Did you maybe set up istio with mutual TLS enabled?
That could explain why you are not able to connect to the redis pod (not part of the mesh) from a pod that is in the mesh. This is because the sidecar on the pod that is trying to connect to redis would expect TLS communication which is not given.