istio:在启用 sidecar 的 pod 和非启用 sidecar 的 pod 之间路由流量
[英]istio: route traffic between sidecar-enabled pods and non-sidecar-enabled pods
问题描述
If I enable Istio on some of my apps (but not all of them) using Manual sidecar injection, can I route traffic between non-based-Istio apps and Istio-based apps?
如果我使用手动 sidecar 注入在我的一些应用程序(但不是全部)上启用 Istio,我可以在非基于 Istio 的应用程序和基于 Istio 的应用程序之间路由流量吗? If yes, is it still true if I enable Citadel?如果是,如果我启用 Citadel 是否仍然正确? I'm wondering because I'd like to slowly enable the sidecar injection on my apps and migrate over.我想知道,因为我想慢慢地在我的应用程序上启用 sidecar 注入并迁移过来。 Do both Istio-based-apps and non-Istio-based apps still talk to each other (within cluster) via the normal Kubernetes service objects?基于 Istio 的应用程序和非基于 Istio 的应用程序是否仍然通过正常的 Kubernetes 服务对象相互通信(在集群内)? Is there anything else I need to do in order to allow Istio and regular services to talk to each other?我还需要做些什么才能让 Istio 和常规服务相互通信?
I'm new to Istio, so any context is helpful.我是 Istio 的新手,所以任何上下文都有帮助。
1 个解决方案
解决方案1
1 已采纳
To highlight the proper solution to achieve your goal, as @Vadim Eisenberg mentioned:正如@Vadim Eisenberg 提到的,为了突出实现目标的正确解决方案:
You should set PERMISSIVE policy and set a destination rule for each non-istio service with tls mode "NONE".
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.