I am using istio-1.1.1. I have a pod which basically can run helm comands. If I disable istio-proxy
, I can easily run commands like
helm status --debug
[debug] Created tunnel using local port: '41683'
[debug] SERVER: "127.0.0.1:41683"
The port number changes everytime.
However, when I enable istio-proxy
, I get the following error:
# helm status --debug
Error: an error on the server ("") has prevented the request from succeeding (get pods)`
How can I debug this issue? Does it have anything to do with egress?
As far as I understand Helm client uses some random port for any attempt to connect to particular Tiller
pod which is initially listening on port 44134, due to that fact I assume that any Helm client command enforce some port-forwarding, i.e kubectl port-forward
from randomized port to the target port. Although, your Tiller
Pod can be not included in Envoy proxy configuration(sidecar not injected), therefore Tiller Pod's container port remains not to be exposed to Istio proxy-config
.
You may try to reach out some more information about debugging Envoy proxy via istioctl
in official Istio tutorial.