Configure istio to not intercept traffic to serviceB:port

3/10/2019

I am new to Istio. Istio intercepts all traffic between two services through istio-proxy/Envoy. Is it possible to configure Istio so that it ignores certain types of traffic:

  • when serviceA makes an https call directly to serviceB on a certain port
  • UDP traffic

Thanks

-- user674669
istio
kubernetes

1 Answer

3/10/2019

As per the Istio sidecar injection configuration, you can exclude ports from Envoy & iptables rules using the includeInboundPorts and excludeInboundPorts annotations.

Example:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: podinfo
  namespace: test
  labels:
    app: podinfo
spec:
  selector:
    matchLabels:
      app: podinfo
  template:
    metadata:
      annotations:
        traffic.sidecar.istio.io/includeInboundPorts: "*"
        traffic.sidecar.istio.io/excludeInboundPorts: "9999,9229"
      labels:
        app: podinfo
    spec:
      containers:
      - name: podinfod
        image: quay.io/stefanprodan/podinfo:1.4.0
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9898
          name: http
          protocol: TCP
        - containerPort: 9999 # <- excluded port
          protocol: UDP
        - containerPort: 9229 # <- excluded port
          protocol: TCP
        command:
        - ./podinfo
        - --port=9898
        - --level=info
-- Stefan P.
Source: StackOverflow
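
Traffic on a port excluded this way never passes through Envoy, so sidecar-enforced mTLS and authorization policy do not apply to it. The audit below is an added example, not part of the original answer; it lists the ports each Deployment takes out of interception. The function names and sample data are constructed, and it assumes that an absent includeInboundPorts annotation means "*".

```python
PREFIX = "traffic.sidecar.istio.io/"

def _ports(value):
    """Parse a comma-separated port list such as "9999,9229"."""
    return {int(p) for p in value.split(",") if p.strip().isdigit()}

def bypassed_ports(deployment):
    """Return [(port, protocol)] for inbound ports not redirected to Envoy."""
    tmpl = deployment["spec"]["template"]
    ann = tmpl["metadata"].get("annotations", {})
    # Assumption: with no annotation, the injector redirects all inbound ports ("*").
    include = ann.get(PREFIX + "includeInboundPorts", "*").strip()
    exclude = _ports(ann.get(PREFIX + "excludeInboundPorts", ""))
    declared = {p["containerPort"]: p.get("protocol", "TCP")
                for c in tmpl["spec"]["containers"] for p in c.get("ports", [])}
    if include == "*":
        skipped = exclude                          # every listed port bypasses the proxy
    else:
        skipped = set(declared) - _ports(include)  # only the listed ports are redirected
    return [(p, declared.get(p, "undeclared")) for p in sorted(skipped)]

def audit(deployments):
    """Map namespace/name -> bypassed ports, keeping only Deployments that have any."""
    found = {f'{d["metadata"]["namespace"]}/{d["metadata"]["name"]}': bypassed_ports(d)
             for d in deployments}
    return {name: ports for name, ports in found.items() if ports}

def _sample(name, annotations, ports):
    """Build a constructed Deployment shaped like an item of `kubectl get deploy -o json`."""
    return {"metadata": {"name": name, "namespace": "test"},
            "spec": {"template": {"metadata": {"annotations": annotations},
                                  "spec": {"containers": [{"name": name, "ports": ports}]}}}}

# Constructed input: the first item mirrors the podinfo manifest above.
SAMPLE = [
    _sample("podinfo", {PREFIX + "includeInboundPorts": "*",
                        PREFIX + "excludeInboundPorts": "9999,9229"},
            [{"containerPort": 9898, "protocol": "TCP"},
             {"containerPort": 9999, "protocol": "UDP"},
             {"containerPort": 9229, "protocol": "TCP"}]),
    _sample("allowlist", {PREFIX + "includeInboundPorts": "8080"},
            [{"containerPort": 8080}, {"containerPort": 9090}]),
    _sample("default", {}, [{"containerPort": 8080}]),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To run it against a cluster, pass the `items` list from `kubectl get deployments -A -o json` to `audit` and compare the result with the exclusions that were actually approved.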