istio: route traffic between sidecar-enabled pods and non-sidecar-enabled pods

12/23/2019

If I enable Istio on some of my apps (but not all of them) using Manual sidecar injection, can I route traffic between non-based-Istio apps and Istio-based apps? If yes, is it still true if I enable Citadel? I'm wondering because I'd like to slowly enable the sidecar injection on my apps and migrate over. Do both Istio-based-apps and non-Istio-based apps still talk to each other (within cluster) via the normal Kubernetes service objects? Is there anything else I need to do in order to allow Istio and regular services to talk to each other?

I'm new to Istio, so any context is helpful.

-- Joe J
containers
envoyproxy
istio
kubernetes

1 Answer

1/3/2020

To highlight the proper solution to achieve your goal, as @Vadim Eisenberg mentioned:

You should set PERMISSIVE policy and set a destination rule for each non-istio service with tls mode "NONE".

-- Nepomucen
Source: StackOverflow