K
Q

istio: route traffic between sidecar-enabled pods and non-sidecar-enabled pods

12/23/2019

If I enable Istio on some of my apps (but not all of them) using Manual sidecar injection, can I route traffic between non-based-Istio apps and Istio-based apps? If yes, is it still true if I enable Citadel? I'm wondering because I'd like to slowly enable the sidecar injection on my apps and migrate over. Do both Istio-based-apps and non-Istio-based apps still talk to each other (within cluster) via the normal Kubernetes service objects? Is there anything else I need to do in order to allow Istio and regular services to talk to each other?

I'm new to Istio, so any context is helpful.

-- Joe J
containers
envoyproxy
istio
kubernetes

Similar Questions

Prometheus alert manager doesnt send alert k8s
Can only access NodePort service through the worker node the app is running on
GitLab AutoDevops Environment Issues
redirecting from stderror seems to stop my gitlab-ci script
Does't work build image in kubernetes pod using jenkins
Service Deployed on kubernetes is not accessible by internet

1 Answer

1/3/2020

To highlight the proper solution to achieve your goal, as @Vadim Eisenberg mentioned:

You should set PERMISSIVE policy and set a destination rule for each non-istio service with tls mode "NONE".

-- Nepomucen
Source: StackOverflow