Currently running an EKS 1.14 cluster with Istio 1.5.1 and STRICT global mTLS enabled. I have a StatefulSet that has multiple pods, where one pod is elected leader and the other pods need to communicate with the leader (think RabbitMQ, Cassandra, Kafka).
Without Istio the communication from podA to podB works without issues by running curl -v <podA-IP> on podB. With Istio however the curl returns:
curl -v 10.0.20.28:9080
* Rebuilt URL to: 10.0.20.28:9080/
* Trying 10.0.20.28...
* TCP_NODELAY set
* Connected to 10.0.20.28 (10.0.20.28) port 9080 (#0)
> GET / HTTP/1.1
> Host: 10.0.20.28:9080
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 502 Bad Gateway
< date: Tue, 07 Apr 2020 14:51:59 GMT
< server: envoy
< content-length: 0
<
* Curl_http_done: called premature == 0
* Connection #0 to host 10.0.20.28 left intact
I understand that Istio is geared towards services and ideally we would just always use a service instead of a direct pod to pod connection, but in this case I do need to talk to a specific pod (whose IP is being propagated to the other pods).
Is there a way of contacting another pod by IP that is not:
Thanks in advance!
Edit: It seems to work with
curl -vvv -H "Host: serviceB" 10.0.20.28:port/page
as well, unless that's just
curl -v serviceB:port/page
in disguise.
Istio actually allows Pod to Pod. What you experience may be exactly the same problem I had here: Istio direct Pod to Pod communication.
You can read the thread, but in short you may be starting your communication before the Envoy sidecar is initialized, so some delaying may solve your issue.
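One way to apply the delay suggested in the answer above, as an added example that is not part of the original posts: a container entrypoint wrapper that polls the sidecar's readiness endpoint before starting the application. The function names, the `SIDECAR_READY_URL` and `SIDECAR_WAIT_TIMEOUT` variables and the script name are hypothetical, and the URL assumes the pilot-agent readiness check on port 15020 that the injected readiness probe uses in Istio 1.5.

```shell
#!/bin/sh
# Added example: block until the Istio sidecar reports ready, then start the app.
# Assumption: the sidecar's pilot-agent serves its readiness check on
# localhost:15020/healthz/ready; override SIDECAR_READY_URL if your mesh
# is configured differently.
SIDECAR_READY_URL="${SIDECAR_READY_URL:-http://127.0.0.1:15020/healthz/ready}"

# probe_sidecar URL: succeed only on an HTTP 2xx from the readiness endpoint.
# Kept as a separate function so it can be replaced in tests.
probe_sidecar() {
    curl -fsS -o /dev/null --max-time 2 "$1" 2>/dev/null
}

# wait_for_sidecar [TIMEOUT_SECONDS] [INTERVAL_SECONDS]
# Returns 0 once the probe succeeds, 1 if the timeout elapses first.
wait_for_sidecar() {
    timeout="${1:-60}"
    interval="${2:-1}"
    waited=0
    while ! probe_sidecar "$SIDECAR_READY_URL"; do
        if [ "$waited" -ge "$timeout" ]; then
            echo "sidecar not ready after ${waited}s, giving up" >&2
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
    echo "sidecar ready after ${waited}s" >&2
    return 0
}

# Entrypoint mode: `wait-for-sidecar.sh <app> [args...]` waits, then replaces
# this shell with the application so signals reach it directly.
if [ "$#" -gt 0 ]; then
    wait_for_sidecar "${SIDECAR_WAIT_TIMEOUT:-60}" 1 || exit 1
    exec "$@"
fi
```

Exiting non-zero on timeout lets Kubernetes restart the container instead of letting the application send traffic that the proxy is not yet able to handle.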