K
Q

Istio allowing external traffic through without ServiceEntry?

8/23/2019

I deployed the sample sleep app.

kubectl apply -f samples/sleep/sleep.yaml  

kubectl get pods
NAME                      READY   STATUS    RESTARTS   AGE
httpbin-c868cf575-5tx5g   2/2     Running   0          2m56s
sleep-754684654f-k5ldh    2/2     Running   0          107s
kubectl get ServiceEntry --all-namespaces
No resources found.

Already I can exec in and curl an external site.

kubectl exec -it sleep-754684654f-k5ldh sh

/ # curl jsonplaceholder.typicode.com/users
[
  {
    "id": 1,
    "name": "Leanne Graham",
    "username": "Bret",
    "email": "Sincere@april.biz",
    "address": {
      "street": "Kulas Light",
      "suite": "Apt. 556",
      "city": "Gwenborough",
      "zipcode": "92998-3874",
      "geo": {
        "lat": "-37.3159",
        "lng": "81.1496"
      }
    },
    "phone": "1-770-736-8031 x56442",
    "website": "hildegard.org",
    "company": {
      "name": "Romaguera-Crona",
      "catchPhrase": "Multi-layered client-server neural-net",
      "bs": "harness real-time e-markets"
    }
  },
...
]/ #

I expected to be unable to do this by default and for the external traffic to be blocked requiring ServiceEntry to allow it, but I can already make external requests. Did I miss a step?

-- atkayla
istio
kubernetes

Similar Questions

iam ConfirmSubscription permissions error
Transfer cert-manager certificate from one cluster to another for e2e tests
Spring Cloud Kubernetes: Can't read configMap with name
kubernetes nginx ingress socket.io 400 error continously

0 Answers