I am new to istio. Istio intercepts all traffic between two services through istio-proxy/envoy. Is it possible to configure istio so that it ignores certain type of traffic
Thanks
As per Istio sidecar injection configuration you can exclude ports from Envoy & iptables rules using the includeInboundPorts
and excludeInboundPorts
annotations.
Example:
apiVersion: apps/v1
kind: Deployment
metadata:
name: podinfo
namespace: test
labels:
app: podinfo
spec:
selector:
matchLabels:
app: podinfo
template:
metadata:
annotations:
traffic.sidecar.istio.io/includeInboundPorts: "*"
traffic.sidecar.istio.io/excludeInboundPorts: "9999,9229"
labels:
app: podinfo
spec:
containers:
- name: podinfod
image: quay.io/stefanprodan/podinfo:1.4.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9898
name: http
protocol: TCP
- containerPort: 9999 # <- excluded port
protocol: UDP
- containerPort: 9229 # <- excluded port
protocol: TCP
command:
- ./podinfo
- --port=9898
- --level=info