istio
44 строки · 1.8 Кб
1apiVersion: release-notes/v2
2kind: bug-fix
3area: traffic-management
4issue:
5- 29940
6upgradeNotes:
7- title: Inbound Forwarding Configuration
8content: |
9The behavior of inbound forwarding will be modified in the near future. While this change is not enabled
10by default in Istio 1.10, it can be enabled today by configuring the `PILOT_ENABLE_INBOUND_PASSTHROUGH=true` environment
11variable in Istiod.
12
13Previously, requests would be forwarded to `localhost`. This leads to two important differences compared to running applications
14without Istio:
15
16* Applications that bind to `localhost` will be exposed to external pods.
17* Applications that bind to `<POD_IP>` will not be exposed to external pods.
18
19The latter is a common source of friction when adopting Istio, in particular with stateful services where this is common.
20
21The new behavior instead forwards the request as is. This matches the behavior a user would see without Istio installed.
22However, as a result, applications that have come to rely on `localhost` being exposed externally by Istio, may stop working.
23
24The [check-binds.sh](https://gist.github.com/howardjohn/edcdbe5a85ae2e5ba7809739bd55c566) script can be used to detect what binds your applications are using.
25
26Regardless of Istio version, the behavior can be explicitly controlled by the `Sidecar`.
27For example, to configure the 9080 port to explicitly be sent to localhost:
28
29```yaml
30apiVersion: networking.istio.io/v1beta1
31kind: Sidecar
32metadata:
33name: ratings
34spec:
35workloadSelector:
36labels:
37app: ratings
38ingress:
39- port:
40number: 9080
41protocol: HTTP
42name: http
43defaultEndpoint: 127.0.0.1:9080
44```
45
46