I have Istio installed in my cluster, and the sidecar on one of my pods in namespace proto. Then i have elasticsearch installed in another namespace, which dosent have the sidecar. The problem is that i can't curl elasticsearch from inside my pods in proto namespace, but i can do it from exactly the same pod, but in another namespace without the sidecar on it.
This is the error:
/app # curl -k https://elasticsearch-elasticsearch-cluster.logging.svc.cluster.local:9200 curl: (35) Unknown SSL protocol error in connection to elasticsearch-elasticsearch-cluster.logging.svc.cluster.local:9200
Anybody know what could be the problem here ?
Try to give the port 9200 in the spec of the service some name starting with tcp, like tcp-elastic-search-port or, also, specify the protocol's port as TCP. It will instruct Istio to treat the traffic to that port as tcp.
The issue is probably related to the Istio port handling, protocol-wise - see https://istio.io/docs/setup/kubernetes/sidecar-injection.html#pod-spec-requirements.
Okay, so i fixed the problem. After different kinds of installations, and on new clean clusters as well, i got it working by install the helm chart from istio master branch, and activate automatic sidecar injection in the values.yaml file.
The helm chart from latest istio version 0.7.1 is not working, and manual sidecar injection is not working either, so i needed to use the automatic, by activating it in the helm chart.
I'am not sure why it didn't work before, i can curl my elasticsearch from another namespace without sidecar now, and egress rules works as expected.
Thanks, for the help anyway :)