search

istio / community

Istio governance material.
https://istio.io/community
Apache License 2.0
2.82k stars 561 forks source link

Unable to establish Istio mtls between Mongodb, Kafka, PostgreSQL and microservices. #1435

Closed rachakondadharmendra closed 2 months ago

rachakondadharmendra commented 2 months ago

Hey Guys, Need a little help from you. We are stuck with enabling mtls in strict mode in a namespace where all my microservices ,mongo, kafka , and postgreSQL are running with istio-envoy. The connections are failing between microservices and mongo, kafka and postgresql.

Any suggestion would be helpful . Thanks in advance!!

similar to this issue. https://github.com/chasegame-alpha/istio-mtls/issues/1

Here is the log we are getting over istio-proxy container of mongodb. 

│ [2024-07-10T08:45:32.045Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 2 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.6:51244 - -                                                             │                     │
│ [2024-07-10T08:45:32.089Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 10 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.6:15275 - -                                                            │                     │
│ [2024-07-10T08:45:32.145Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 1 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.6:63103 - -                                                             │                     │
│ [2024-07-10T08:45:32.317Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 0 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.6:35621 - -                                                             │                     │
│ [2024-07-10T08:45:32.317Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 0 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.6:26324 - -                                                             │                     │
│ [2024-07-10T08:45:32.302Z] "- - -" 0 - - - "-" 633 0 39 - "-" "-" "-" "-" "10.12.129.6:30003" PassthroughCluster 10.10.123.120:40324 10.12.129.6:30003 10.10.123.120:40320 - -                            │                     │
│ [2024-07-10T08:45:32.303Z] "- - -" 0 - - - "-" 633 0 39 - "-" "-" "-" "-" "10.12.129.6:30003" PassthroughCluster 10.10.123.120:40326 10.12.129.6:30003 10.10.123.120:40322 - -                            │                     │
│ [2024-07-10T08:45:32.361Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 0 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.5:10590 - -                                                             │                     │
│ [2024-07-10T08:45:32.360Z] "- - -" 0 - - - "-" 633 0 3 - "-" "-" "-" "-" "10.12.129.5:30004" PassthroughCluster 10.10.123.120:42858 10.12.129.5:30004 10.10.123.120:42854 - -                             │                     │
│ [2024-07-10T08:45:32.369Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 3 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.122.123:49586 - -                                                          │                     │
│ [2024-07-10T08:45:32.398Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 0 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.10.123.127:36340 - -                                                          │                     │
│ [2024-07-10T08:45:32.411Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 0 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.6:3178 - -                                                              │                     │
│ [2024-07-10T08:45:32.411Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 0 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.6:28600 - -                                                             │                     │
│ [2024-07-10T08:45:32.433Z] "- - -" 0 - - - "-" 614 0 18 - "-" "-" "-" "-" "10.12.129.6:30003" PassthroughCluster 10.10.123.120:40358 10.12.129.6:30003 10.10.123.120:40356 - -                            │                     │
│ [2024-07-10T08:45:32.455Z] "- - -" 0 - - - "-" 614 0 12 - "-" "-" "-" "-" "10.12.129.6:30003" PassthroughCluster 10.10.123.120:40364 10.12.129.6:30003 10.10.123.120:40362 - -                            │                     │
│ [2024-07-10T08:45:32.471Z] "- - -" 0 - - - "-" 614 0 14 - "-" "-" "-" "-" "10.12.129.6:30003" PassthroughCluster 10.10.123.120:40368 10.12.129.6:30003 10.10.123.120:40366 - -                            │                     │
│ [2024-07-10T08:45:32.676Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 10 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.6:34452 - -                                                            │                     │
│ [2024-07-10T08:45:32.711Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 2 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.10.123.127:53706 - -                                                          │                     │
│ [2024-07-10T08:45:32.877Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 0 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.5:50764 - -                                                             │                     │
│ [2024-07-10T08:45:32.874Z] "- - -" 0 - - - "-" 633 0 4 - "-" "-" "-" "-" "10.12.129.5:30004" PassthroughCluster 10.10.123.120:42944 10.12.129.5:30004 10.10.123.120:42942 - -                             │                     │
│ [2024-07-10T08:45:32.862Z] "- - -" 0 - - - "-" 633 0 31 - "-" "-" "-" "-" "10.12.129.6:30003" PassthroughCluster 10.10.123.120:40412 10.12.129.6:30003 10.10.123.120:40408 - -                            │                     │
│ [2024-07-10T08:45:32.861Z] "- - -" 0 - - - "-" 633 0 35 - "-" "-" "-" "-" "10.12.129.6:30003" PassthroughCluster 10.10.123.120:40414 10.12.129.6:30003 10.10.123.120:40406 - -                            │                     │
│ [2024-07-10T08:45:32.865Z] "- - -" 0 - - - "-" 625 0 33 - "-" "-" "-" "-" "10.12.129.6:30003" PassthroughCluster 10.10.123.120:40416 10.12.129.6:30003 10.10.123.120:40410 - -                            │                     │
│ [2024-07-10T08:45:32.932Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 0 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.10.123.127:36422 - -                                                          │                     │
│ [2024-07-10T08:45:32.950Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 0 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.10.123.127:36430 - -                                                          │                     │
│ [2024-07-10T08:45:33.013Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 1 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.6:4921 - -                                                              │                     │
│ [2024-07-10T08:45:33.015Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 7 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.6:38600 - -                                                             │                     │
│ [2024-07-10T08:45:32.994Z] "- - -" 0 - - - "-" 614 0 56 - "-" "-" "-" "-" "10.12.129.6:30003" PassthroughCluster 10.10.123.120:40442 10.12.129.6:30003 10.10.123.120:40440 - -                            │                     │
│ [2024-07-10T08:45:33.088Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 0 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.6:48008 - -                                                             │                     │
│ [2024-07-10T08:45:33.086Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 0 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.6:18370 - -                                                             │                     │
│ [2024-07-10T08:45:33.069Z] "- - -" 0 - - - "-" 614 0 29 - "-" "-" "-" "-" "10.12.129.6:30003" PassthroughCluster 10.10.123.120:40446 10.12.129.6:30003 10.10.123.120:40444 - -                            │                     │
│ [2024-07-10T08:45:33.102Z] "- - -" 0 - - - "-" 614 0 19 - "-" "-" "-" "-" "10.12.129.6:30003" PassthroughCluster 10.10.123.120:40450 10.12.129.6:30003 10.10.123.120:40448 - -                            │                     │
│ [2024-07-10T08:45:33.214Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 8 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.6:43209 - -                                                             │                     │
│ [2024-07-10T08:45:33.390Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 0 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.5:29763 - -                                                             │                     │
│ [2024-07-10T08:45:33.382Z] "- - -" 0 - - - "-" 633 0 10 - "-" "-" "-" "-" "10.12.129.5:30004" PassthroughCluster 10.10.123.120:43002 10.12.129.5:30004 10.10.123.120:43000 - -                            │                     │
│ [2024-07-10T08:45:33.418Z] "- - -" 0 - - - "-" 633 0 25 - "-" "-" "-" "-" "10.12.129.6:30003" PassthroughCluster 10.10.123.120:40488 10.12.129.6:30003 10.10.123.120:40484 - -                            │                     │
│ [2024-07-10T08:45:33.419Z] "- - -" 0 - - - "-" 633 0 24 - "-" "-" "-" "-" "10.12.129.6:30003" PassthroughCluster 10.10.123.120:40490 10.12.129.6:30003 10.10.123.120:40486 - -                            │                     │
│ [2024-07-10T08:45:33.507Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 1 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.122.123:49740 - -                                                          │                     │
│ [2024-07-10T08:45:33.602Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 3 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.10.123.127:36504 - -                                                          │                     │
│ [2024-07-10T08:45:33.666Z] "- - -" 0 NR filter_chain_not_found - "-" 0 0 1 - "-" "-" "-" "-" "-" - - 10.10.123.120:27017 10.12.129.6:5978 - -                                                              │                     │
│
howardjohn commented 2 months ago

https://github.com/istio/istio/issues/51982 dupe