Control Egress Traffic Configuration To Access Outside URL

1/23/2019

I'm trying to access the following DB in my Flask app:

app.config['MONGO_DBNAME'] = 'pymongo_db'
app.config['MONGO_URI'] = 'mongodb://<dbuser>:<dbpassword>@ds163984.mlab.com:63984/pymongo_db'

but Istio is blocking me, so I created a ServiceEntry and a VirtualService. However, I think my config is wrong, as it's not working correctly. Can someone tell me what I'm doing wrong? https://istio.io/docs/tasks/traffic-management/egress/

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: mlab
spec:
  hosts:
  - wwww.ds163984.mlab.com
  - ds163984.mlab.com
  ports:
  - number: 443
    name: https
    protocol: HTTPS
  resolution: DNS
  location: MESH_EXTERNAL
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: mlab
spec:
  hosts:
  - wwww.ds163984.mlab.com
  - ds163984.mlab.com
  tls:
  - match:
    - port: 443
      sni_hosts:
      - wwww.ds163984.mlab.com
      - ds163984.mlab.com
    route:
    - destination:
        host: ds163984.mlab.com
        port:
          number: 443
      weight: 100
-- Annihil8
istio
kubernetes

1 Answer

1/23/2019

Offhand, I see at least a couple of things wrong with your configuration. The port in your ServiceEntry and VirtualService should be the MongoDB port (63984), not 443, and the protocol should be TLS, not HTTPS.

There is an excellent blog post on various ways to configure access to MongoDB. It sounds like this section is what you are trying to do.

-- Frank B
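The two changes named in the answer above, applied to the question's resources, as an added example (not code from the answer or from the Istio documentation). It assumes the client connects to mLab over TLS so the sidecar can match on SNI, and it keeps only the host that appears in MONGO_URI.

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: mlab
spec:
  hosts:
  - ds163984.mlab.com        # only the host used in MONGO_URI (assumption)
  ports:
  - number: 63984            # port from MONGO_URI, not 443
    name: tls
    protocol: TLS            # opaque TLS matched by SNI, not HTTPS
  resolution: DNS
  location: MESH_EXTERNAL
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: mlab
spec:
  hosts:
  - ds163984.mlab.com
  tls:
  - match:
    - port: 63984            # must match the ServiceEntry port
      sniHosts:
      - ds163984.mlab.com
    route:
    - destination:
        host: ds163984.mlab.com
        port:
          number: 63984
      weight: 100
```

Limiting the entry to one host and one port keeps the egress allowlist as narrow as the app needs.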
Source: StackOverflow