K
Q

Running helm commands in a pod with istio-proxy

4/10/2019

I am using istio-1.1.1. I have a pod which basically can run helm comands. If I disable istio-proxy, I can easily run commands like

helm status --debug
[debug] Created tunnel using local port: '41683'

[debug] SERVER: "127.0.0.1:41683"

The port number changes everytime.

However, when I enable istio-proxy, I get the following error:

# helm status --debug
Error: an error on the server ("") has prevented the request from succeeding (get pods)`

How can I debug this issue? Does it have anything to do with egress?

-- kosta
google-kubernetes-engine
istio
kubernetes-helm

Similar Questions

Is there a way to skip a delayed stage immidiately in gitlab pipeline?
How to Add or Repair kube-dns in EKS?
How to get notified or alerted on config reloader error in prometheus operator?
Is it possible to have "local" keyspace in a cassandra cluster with multiple datacenters
Accessing kubernetes namespace (value) from inside a pod
Serve RSA & EC certificate in same istio gateway
How to set Node status Manually

1 Answer

4/23/2019

As far as I understand Helm client uses some random port for any attempt to connect to particular Tiller pod which is initially listening on port 44134, due to that fact I assume that any Helm client command enforce some port-forwarding, i.e kubectl port-forward from randomized port to the target port. Although, your Tiller Pod can be not included in Envoy proxy configuration(sidecar not injected), therefore Tiller Pod's container port remains not to be exposed to Istio proxy-config.

You may try to reach out some more information about debugging Envoy proxy via istioctl in official Istio tutorial.

-- mk_sta
Source: StackOverflow