New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to connect only to external MongoDB v4.0 (AWS DocumentDB) & read replica DNS (Mongo v3.6 and primary DNS work) with istio-proxy #40646
Comments
1.8.2 is too old please follow this doc https://istio.io/latest/docs/ops/deployment/requirements/#server-first-protocols |
We have two EKS clusters and one of them uses istio 1.13.3. Still the same issue.
Also, the ServerEntry config is using spec:
hosts: # L7 host will be ignroed for L4 TCP/MONGO protocol
- mongo.tcp.svc
ports:
- number: 27017
name: aws-docdb
protocol: TCP # # specify TCP instead of MONGO if traffic is encrypted, because if the MongoDB protocol runs on top of TLS, then the encrypted MongoDB protocol cannot be parsed by the Istio proxy. Ref: https://preliminary.istio.io/blog/2018/egress-mongo/#control-tcp-egress-traffic-without-a-gateway Tried spec:
hosts: # L7 host will be ignroed for L4 TCP/MONGO protocol
- mongo.tcp.svc
ports:
- number: 27017
name: aws-docdb
protocol: MONGO
location: MESH_EXTERNAL
resolution: DNS |
what I say is the mTLS mode of istio, which should be |
It's already set to
|
$ k get peerauthentication --all-namespaces
NAMESPACE NAME MODE AGE
istio-system default PERMISSIVE 104d
staging-sandbox default DISABLE 10d The result is the same:
Is disabling mTLS in namespace enough for |
🚧 This issue or pull request has been closed due to not having had activity from an Istio team member since 2022-08-29. If you feel this issue or pull request deserves attention, please reopen the issue. Please see this wiki page for more information. Thank you for your contributions. Created by the issue and PR lifecycle manager. |
Bug Description
What does work:
What does NOT work:
Version
Additional Information
No response
The text was updated successfully, but these errors were encountered: