[英]istio: route traffic between sidecar-enabled pods and non-sidecar-enabled pods
If I enable Istio on some of my apps (but not all of them) using Manual sidecar injection, can I route traffic between non-based-Istio apps and Istio-based apps?如果我使用手动 sidecar 注入在我的一些应用程序(但不是全部)上启用 Istio,我可以在非基于 Istio 的应用程序和基于 Istio 的应用程序之间路由流量吗? If yes, is it still true if I enable Citadel?
如果是,如果我启用 Citadel 是否仍然正确? I'm wondering because I'd like to slowly enable the sidecar injection on my apps and migrate over.
我想知道,因为我想慢慢地在我的应用程序上启用 sidecar 注入并迁移过来。 Do both Istio-based-apps and non-Istio-based apps still talk to each other (within cluster) via the normal Kubernetes service objects?
基于 Istio 的应用程序和非基于 Istio 的应用程序是否仍然通过正常的 Kubernetes 服务对象相互通信(在集群内)? Is there anything else I need to do in order to allow Istio and regular services to talk to each other?
我还需要做些什么才能让 Istio 和常规服务相互通信?
I'm new to Istio, so any context is helpful.我是 Istio 的新手,所以任何上下文都有帮助。
To highlight the proper solution to achieve your goal, as @Vadim Eisenberg mentioned:正如@Vadim Eisenberg 提到的,为了突出实现目标的正确解决方案:
You should set PERMISSIVE policy and set a destination rule for each non-istio service with tls mode "NONE".
您应该设置 PERMISSIVE 策略并为每个非 istio 服务设置目标规则,tls 模式为“NONE”。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.