I am using Postgres installed from a Bitnami Helm chart in my Istio service mesh. I am trying to access this database from outside of the cluster. When I hit the Istio gateway that I have configured to allow TCP traffic to Postgres in (using the Go Postgres driver, tested with my Postgres DB editor), the connection is refused.
Postgres connections are not showing up in the Istio gateway proxy logs, which indicates that they're not being read by Istio as TCP (and therefore Istio is not managing them).
How do I get Istio to recognize this traffic and send it to my Postgres service?
Istio is routing HTTP traffic to my other services correctly. Postgres is reachable on a NodePort or a port forward, so I know that it is running.
Istio gateway:

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-app-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
  - port:
      number: 5432
      name: tcp-postgresql
      protocol: TCP
    hosts:
    - "*"
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: my-tls
    hosts:
    - "*"
```
Virtual service for Postgres:

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: postgres-vs
spec:
  hosts:
  - "*"
  gateways:
  - my-app-gateway
  tcp:
  - match:
    - port: 5432
    route:
    - destination:
        port:
          number: 5432
        host: my-postgresql
```
Postgres and the service it uses were created from the Bitnami Helm chart. I have verified that they have Istio proxy sidecars injected and running.
I have read that Istio cannot provide TLS origination for Postgres. Does this mean that it cannot provide a connection for Postgres over TCP at all?
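
Added example (not part of the original post), in Go because the question uses the Go Postgres driver: a Postgres client opens a connection with a plaintext SSLRequest or StartupMessage rather than a TLS ClientHello, so TLS handling at a proxy is a separate matter from plain TCP routing on port 5432. The function names and sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const sslRequestCode = 80877103 // magic code in a Postgres SSLRequest (1234<<16 | 5679)
const protocolV3 = 196608       // protocol version 3.0 in a StartupMessage (3<<16)

// SSLRequest returns the 8-byte plaintext message a client sends to ask for TLS:
// length 8 followed by sslRequestCode, both big-endian.
func SSLRequest() []byte {
	return []byte{0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f}
}

// StartupMessage builds the v3 startup packet a client sends when it does not ask for TLS.
func StartupMessage(user, db string) []byte {
	body := []byte("user\x00" + user + "\x00database\x00" + db + "\x00\x00")
	b := make([]byte, 8, 8+len(body))
	binary.BigEndian.PutUint32(b[0:4], uint32(8+len(body)))
	binary.BigEndian.PutUint32(b[4:8], protocolV3)
	return append(b, body...)
}

// ClassifyFirstBytes labels the first bytes a client sends on a new connection.
func ClassifyFirstBytes(b []byte) string {
	if len(b) >= 2 && b[0] == 0x16 && b[1] == 0x03 {
		return "tls-client-hello" // TLS handshake record header
	}
	if len(b) < 8 {
		return "unknown"
	}
	length, code := binary.BigEndian.Uint32(b[0:4]), binary.BigEndian.Uint32(b[4:8])
	switch {
	case length == 8 && code == sslRequestCode:
		return "postgres-ssl-request"
	case length >= 8 && code == protocolV3:
		return "postgres-startup"
	}
	return "unknown"
}

func main() {
	hello := []byte{0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00} // constructed TLS record header
	for _, m := range [][]byte{hello, SSLRequest(), StartupMessage("app", "appdb")} {
		fmt.Println(ClassifyFirstBytes(m))
	}
}
```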