Running helm commands in a pod with istio-proxy

4/10/2019

I am using istio-1.1.1. I have a pod which basically can run helm commands. If I disable istio-proxy, I can easily run commands like

helm status --debug
[debug] Created tunnel using local port: '41683'

[debug] SERVER: "127.0.0.1:41683"

The port number changes every time.

However, when I enable istio-proxy, I get the following error:

# helm status --debug
Error: an error on the server ("") has prevented the request from succeeding (get pods)

How can I debug this issue? Does it have anything to do with egress?

-- kosta
google-kubernetes-engine
istio
kubernetes-helm

1 Answer

4/23/2019

As far as I understand, the Helm client uses some random port for any attempt to connect to a particular Tiller pod, which is initially listening on port 44134; due to that fact, I assume that any Helm client command enforces some port-forwarding, i.e. kubectl port-forward from a randomized port to the target port. However, your Tiller Pod may not be included in the Envoy proxy configuration (sidecar not injected), and therefore the Tiller Pod's container port remains unexposed to the Istio proxy-config.

You may try to find some more information about debugging the Envoy proxy via istioctl in the official Istio tutorial.

-- mk_sta
Source: StackOverflow