You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In our cluster, we have istio mesh deployed on a whole namespace (so all pods in that namespace have an istio sidecar attached), and an ingress gateway (IG) pointed to a pod in that namespace. Now when I try to access the public address of that IG from a pod inside the cluster, the IG's access log shows that the source IP of the request is the internal IP of that pod (10.x.x.x) instead of the internet IP of the cluster. Since we have to put a whitelist on the IG, it's really weird to put a 10.x.x.x range on the whitelist. So the question is, can this behavior of routing traffic inside the cluster without leaving the cluster be changed?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
In our cluster, we have istio mesh deployed on a whole namespace (so all pods in that namespace have an istio sidecar attached), and an ingress gateway (IG) pointed to a pod in that namespace. Now when I try to access the public address of that IG from a pod inside the cluster, the IG's access log shows that the source IP of the request is the internal IP of that pod (10.x.x.x) instead of the internet IP of the cluster. Since we have to put a whitelist on the IG, it's really weird to put a 10.x.x.x range on the whitelist. So the question is, can this behavior of routing traffic inside the cluster without leaving the cluster be changed?
Beta Was this translation helpful? Give feedback.
All reactions