istio - debugging route for postgres that resolve to kubernetes external name service

Bump into an issue where we found out outgoing port for postgres 5432 are forwarded to a k8s external name service. 

It wasn't clear to us as this service resides in another namespace. To troubleshoot, how istio do the routing I use 

istioctl ps listerners <pod-name> -n your-nanespace 

Sure enough detected that:

0.0.0.0    ALL  5432 ---> External-serviceName.Other-Namespace.svc.kubernetes.local 


So how do you ensure istio route these to the right postgres instance in Azure or AWS, You need a serviceEntry

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: external-svc-postgres
  namespace : my-namespace
spec:
  hosts:
  - mypostgress.database.azure.com
  exportTo:
  - "."  # Ensure this is not available to other namespace.
  location: MESH_EXTERNAL
  ports:
  - number: 5432
    name: mypostgres
    protocol: TCP
  resolution: DNS







Comments

Post a Comment

Popular posts from this blog

The specified initialization vector (IV) does not match the block size for this algorithm

Image
If you're getting  exception when trying to assigned key to a symmetric key and getting error message below :- The specified initialization vector (IV) does not match the block size for this algorithm And your code probably look like something below :- Then you need to go into debug mode and start looking into the supported size for IV as shown in diagram below :- As you can see, IV is 16 bytes, so you need to provide 16 bytes. The same goes for Key field too, if you're adding anything to it. As long as you provide a valid key size, then we're good and you're code will be ready.
Read more