K
Q

Connecting grafana (outside service mesh) to datasource inside the service mesh

8/1/2019

When trying to add a Postgresql data source (running inside the service mesh/ with sidecar) to Grafana (running outside service mesh/ without sidecar), a connection cannot be established, however it is able to translate the fully qualified domain name ({app}.{namespace}.svc.cluster.local) into the correct IP address for the service.

I have attempted pinging the grafana pod from the Postgres pod by exec-ing in, which times out but correctly translates the FQDN to the IP address.

Postgres logs do not show any errors or connection attempts, grafana logs show a 500 error when trying to "Save & Test" the datasource in the grafana dashboard.

Expected behaviour is a successful connection to the datasource, would I have to configure a certain istio object to enable the out-of-service-mesh dashboard/pod to access the in-service-mesh datasource/pod.

-- Danny Jackson
datasource
grafana
istio
kubernetes
postgresql

Similar Questions

What's the shortest way to add a label to a Pod using the Kubernetes go-client
How to run a pod with multiple commands and keeping an interactive shell after that with kubectl?
Only two master nodes are up in Kubernetes cluster with kops in AWS
How to make sure az kubectl credentials do not expire and kubectl can be run by scripts on production?
How to list all securityContext of kubernetes pod and its container
How to create a Kubernetes deployment using the Node.js SDK
How to run multiple hazelcast cluster in one deployment?
Create GKE cluster and namespace with Terraform

1 Answer

8/3/2019

You can use PERMISSIVE mTLS mode - see https://istio.io/docs/tasks/security/mtls-migration/.

-- Vadim Eisenberg
Source: StackOverflow