I am trying to remote-debug a java application running in Openshift with Istio, therefore as a pod with one docker container with the app itself and another one container with the Envoy proxy.
I have set up the debug arguments on the java process:
-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005
and the process has the port opened, and wrote:
Listening for transport dt_socket at address: 5005
However, when I try to connect to that both from outside and from the container itself, I get:
> jdb -attach 172.17.0.8:5005
java.io.IOException: handshake failed - connection prematurally closed
at com.sun.tools.jdi.SocketTransportService.handshake(SocketTransportService.java:136)
at com.sun.tools.jdi.SocketTransportService.attach(SocketTransportService.java:232)
at com.sun.tools.jdi.GenericAttachingConnector.attach(GenericAttachingConnector.java:116)
at com.sun.tools.jdi.SocketAttachingConnector.attach(SocketAttachingConnector.java:90)
at com.sun.tools.example.debug.tty.VMConnection.attachTarget(VMConnection.java:519)
at com.sun.tools.example.debug.tty.VMConnection.open(VMConnection.java:328)
at com.sun.tools.example.debug.tty.Env.init(Env.java:63)
at com.sun.tools.example.debug.tty.TTY.main(TTY.java:1066)
Fatal error:
Unable to attach to target VM.
My suspicion is that this is related to the proxying by Istio which does not understand the JDWP and messes with that (to my surprise even when accessing from withing the container using
oc exec -it myservice-42-abcdef -c myservice bash
but I can't check iptables from the container as I don't have root there).
Is my suspect correct? How can I disable the proxying on certain ports?
