I'm trying to create an mTLS mesh inside GKE with the Istio beta but can't communicate with the service discovery setup we currently use without the mesh.
We use Consul for service discovery as well as a keystore, and package the Consul executable inside our microservices to register with the main Consul service in the GKE cluster. The microservices can then use the local Consul client to gather items from the keystore easily. After setting up the Istio mesh in a brand new cluster and enabling auto sidecar injection, I was seeing the microservice having issues with communication. My understanding is that a k8s service needs to point to the pod for the Istio mesh to work, but we also use the service for microservices to find our main Consul pod anyway (we actually use a cluster of 3, but for this test I'm only running a single pod). Here is the service YAML:

apiVersion: v1
kind: Service
metadata:
  labels:
    name: consul
  name: consul
spec:
  ports:
  - name: consul-8400
    port: 8400
    targetPort: 8400
  - name: consul-8500
    port: 8500
    targetPort: 8500
  - name: consul-8600
    port: 8600
    targetPort: 8600
  - name: consul-8300
    port: 8300
    targetPort: 8300
  - name: consul-8301
    port: 8301
    targetPort: 8301
  - name: consul-8301-udp
    port: 8301
    targetPort: 8301
    protocol: UDP
  - name: consul-8302
    port: 8302
    targetPort: 8302
  selector:
    name: consul
  type: NodePort

I also tested creating a similar service with the same ports pointing back to the microservice as well. I don't know what I'm missing because it's still not getting through to Consul...