iT邦幫忙

第 11 屆 iT 邦幫忙鐵人賽

DAY 26
0
DevOps

Kubernetes and Istio 三十天系列 第 26

[Day26] Mysql or Mariadb Policy

前言

今天主要針對Mysql or Mariadb的應用,有碰到的問題跟大家分享

Connection Failure to a MySQL Service

有兩種方式可以解決

Option I Disable Mutual TLS

kubectl apply -f - <<EOF
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: mysql-nomtls-authn
spec:
  targets:
  - name: YOUR-MYSQL-SERVICE     # The name of *your* K8s Service
EOF

Option II Enable mutual TLS in STRICT mode

kubectl apply -f - <<EOF
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: mysql-mtls-authn
spec:
  targets:
  - name: YOUR-MYSQL-SERVICE     # The name of *your* K8s Service
  peers:
  - mtls:
      mode: STRICT
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: mysql-mtls-dr
spec:
  host: YOUR-MYSQL-SERVICE     # The name of *your* K8s Service
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
EOF

結語

原因是因為istio install的時候預設模式是採用PERMISSIVE。因此需要加入Policy才能正常運作


上一篇
[Day25] Istio Example BookInfo - Traffic Management V
下一篇
[Day27] gRPC Istio 應用
系列文
Kubernetes and Istio 三十天30

尚未有邦友留言

立即登入留言