arielb135 / RabbitMQ-with-istio-MTLS

RabbitMQ stateful deployment with istio service mesh, and with MTLS enabled.
The Unlicense

rmq pods do not form cluster with istio 1.6.8 mtls #3

Open satishmane opened 4 years ago

satishmane commented 4 years ago

Hi @arielb135

Your example was quite good to understand. I set it up accordingly, but the 3-pod rmq cluster still does not form. I can see only one pod in the cluster. Am I missing something?

```yaml
apiVersion: "security.istio.io/v1beta1"
kind: "PeerAuthentication"
metadata:
  name: dp-rabbitmq
  namespace: dp
spec:
  selector:
    matchLabels:
      app: rabbitmq
  mtls:
    mode: STRICT
  portLevelMtls: #{}
    4369:
      mode: DISABLE
```

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  labels:
    app: rabbitmq
    release: dp-rabbitmq
  name: rabbitmq
  namespace: dp
spec:
  hosts:
```

matthewd98 commented 3 years ago

The only thing I needed to do to get RabbitMQ clusters to work within Istio is to annotate the RabbitMQ pods as such:

```yaml
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
spec:
  override:
    statefulSet:
      spec:
        template:
          metadata:
            annotations:
              # Annotate RabbitMQ pods to only redirect traffic on ports 15672 and 5672 to the Envoy proxy sidecars.
              traffic.sidecar.istio.io/includeInboundPorts: "15672, 5672"
              traffic.sidecar.istio.io/includeOutboundPorts: "15672, 5672"
```

For some reason the exclude port annotations weren't working so I just flipped it by using include port annotations. In my case, the global Istio config is controlled by another team in the company so perhaps there's a clash when trying to use the exclude port annotations.
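
The effect of the include-port annotations above on mesh mTLS coverage, as an added example that is not part of the thread or the repository: it reports, per RabbitMQ port, whether inbound traffic is redirected to the Envoy sidecar and which mTLS mode then applies. The 25672 inter-node port and the `"*"` injector default are assumptions, and the inputs are constructed from the two configurations posted above.

```python
# Added example: which RabbitMQ ports does the Envoy sidecar see, and in what mTLS mode?
# Port roles are RabbitMQ defaults; 25672 (inter-node traffic) is not named in the thread.
RABBITMQ_PORTS = {4369: "epmd", 5672: "amqp", 15672: "management", 25672: "inter-node"}
PREFIX = "traffic.sidecar.istio.io/"


def parse_ports(value):
    """Parse a comma-separated port annotation; '*' means every port."""
    value = (value or "").strip()
    if value == "*":
        return "*"
    return {int(p) for p in value.split(",") if p.strip()}


def effective_policy(annotations, peer_auth_spec, ports=RABBITMQ_PORTS):
    """Map each port to 'BYPASS' (never redirected to Envoy, so the
    PeerAuthentication cannot apply) or to its effective mTLS mode."""
    # Assumption: the mesh-wide injector default is includeInboundPorts "*".
    include = parse_ports(annotations.get(PREFIX + "includeInboundPorts", "*"))
    exclude = parse_ports(annotations.get(PREFIX + "excludeInboundPorts", ""))
    default_mode = (peer_auth_spec.get("mtls") or {}).get("mode", "UNSET")
    per_port = peer_auth_spec.get("portLevelMtls") or {}
    result = {}
    for port in sorted(ports):
        if include == "*":
            # The exclude list is only honoured when everything is included.
            redirected = exclude != "*" and port not in exclude
        else:
            redirected = port in include
        if not redirected:
            result[port] = "BYPASS"
        else:
            result[port] = per_port.get(port, {}).get("mode", default_mode)
    return result


# Constructed inputs mirroring the two configurations posted in the thread.
PEER_AUTH = {"mtls": {"mode": "STRICT"}, "portLevelMtls": {4369: {"mode": "DISABLE"}}}
INCLUDE_ONLY = {PREFIX + "includeInboundPorts": "15672, 5672"}

if __name__ == "__main__":
    for label, ann in (("no annotations", {}), ("include-only", INCLUDE_ONLY)):
        print(label)
        for port, mode in effective_policy(ann, PEER_AUTH).items():
            print(f"  {port:>5} {RABBITMQ_PORTS[port]:<11} {mode}")
```

Ports reported as `BYPASS` reach RabbitMQ directly, so mesh mTLS does not cover them and they need another control such as RabbitMQ's own inter-node TLS or a NetworkPolicy.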