-
Notifications
You must be signed in to change notification settings - Fork 16.9k
[stable/redis] Support for istio #20481
Comments
I guess it could be related with Redis chart services not following the Istio specifications for port names on services. Check for instance the changes we did on PostgreSQL to comply with Istio requirements: |
I got it working with Istio istio/istio#8374 (comment) , but... I miserably stumbled on the even if you hack the redis configuration in a pod... you won't manage to get all the ingressgateways listed, as it is designed for only one IP at a time... so, the only chance would be to have a LB in front |
p.s. might be that giving an IP/fqdn of a loadbalancer in the configuration, will cause sentinel's designed mechanisms of monitoring and fail over to go wild, @antirez? |
for everyone else... SENTINEL, if asked about the instances... it won't answer with the IPs the client shall connect to from outside the cluster, but each POD's private IP... which would not be reachable from an application outside the cluster... the logic will fail
thanks @szottE for guiding me through this ;) |
@glentakahashi I'm not 100% (re-reading ur ticket) if I tackled your same problem, since you are talking of Egress, instead I have in inbound connectivity/logic issue of the application (redis/sentinel) itself |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
I would like to mention that this chart has been deprecated and moved to https://github.com/bitnami/charts/tree/master/bitnami/redis Find more information at https://github.com/helm/charts/tree/master/stable/redis#this-helm-chart-is-deprecated |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
This issue is being automatically closed due to inactivity. |
Is your feature request related to a problem? Please describe.
Right now the Egress rules if you set networkPolicy = true don't work for Istio.
Describe the solution you'd like
I'm not 100% sure what the egress ports needed for istio are, but once I figure them out I can submit another PR. I'm also not sure if we would also maybe want to use a namespace selector for
kube-system
here? Or potentially even blanket allow egress to thekube-system
egressDescribe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: