前言

今天主要針對Mysql or Mariadb的應用，有碰到的問題跟大家分享

Connection Failure to a MySQL Service

有兩種方式可以解決

Option I Disable Mutual TLS

kubectl apply -f - <<EOF
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: mysql-nomtls-authn
spec:
  targets:
  - name: YOUR-MYSQL-SERVICE     # The name of *your* K8s Service
EOF

Option II Enable mutual TLS in STRICT mode

kubectl apply -f - <<EOF
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: mysql-mtls-authn
spec:
  targets:
  - name: YOUR-MYSQL-SERVICE     # The name of *your* K8s Service
  peers:
  - mtls:
      mode: STRICT
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: mysql-mtls-dr
spec:
  host: YOUR-MYSQL-SERVICE     # The name of *your* K8s Service
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
EOF

結語

原因是因為istio install的時候預設模式是採用PERMISSIVE。因此需要加入Policy才能正常運作