How does Istio "intercept" traffic for other containers?

Tags: istio

The docs state that Envoy proxies "...mediate and control all network communication between microservices": https://istio.io/latest/docs/ops/deployment/architecture/

How does that work? When I want my program to make a connection to an arbitrary hostname, say, "google.com" or "something.default.svc.cluster.local", I'll make two OS calls: gethostbyname and connect. How would Envoy, running in another container, "intercept" this? How will it know when I'm accessing "google.com" or a k8s service?

If there is an online doc that explains it, I'd appreciate a link.

Yuri Geinish asked Oct 24 '25 17:10


1 Answer

Istio has an Init Container which redirects traffic from/to the application container to the sidecar using iptables. This article from the Istio documentation explains it.

There is also an alternative using CNI instead of the Init container.

user140547 answered Oct 28 '25 03:10
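
A small model of the redirection described in the answer, added here as an illustration and not part of the answer or Istio's own code: it parses a constructed, simplified nat rule set shaped like the one the init container installs and traces whether an outbound TCP connection ends up at the sidecar. The chain names, port 15001 and UID 1337 follow Istio's defaults and are assumptions not stated on this page; real rule sets contain more exemptions.

```python
import ipaddress
import shlex

# Constructed, simplified rules in iptables-save format (assumed Istio defaults:
# sidecar outbound listener on 15001, proxy process running as UID 1337).
RULES = """\
*nat
-A OUTPUT -p tcp -j ISTIO_OUTPUT
-A ISTIO_OUTPUT -m owner --uid-owner 1337 -j RETURN
-A ISTIO_OUTPUT -d 127.0.0.1/32 -j RETURN
-A ISTIO_OUTPUT -j ISTIO_REDIRECT
-A ISTIO_REDIRECT -p tcp -j REDIRECT --to-ports 15001
COMMIT
"""

def parse(text):
    """Return {chain: [rule]}; each rule maps option -> value (no '!' negation)."""
    chains = {}
    for line in text.splitlines():
        if line.startswith("-A "):
            tok = shlex.split(line)
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains

def matches(rule, pkt):
    ok_proto = rule.get("-p", pkt["proto"]) == pkt["proto"]
    ok_uid = int(rule.get("--uid-owner", pkt["uid"])) == pkt["uid"]
    ok_dst = ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.get("-d", "0.0.0.0/0"))
    return ok_proto and ok_uid and ok_dst

def trace(chains, pkt, chain="OUTPUT"):
    """Walk the nat chains; return the REDIRECT port, or None if not redirected."""
    for rule in chains.get(chain, []):
        if not matches(rule, pkt):
            continue
        target = rule["-j"]
        if target == "RETURN":        # leave this chain; the caller keeps going
            return None
        if target == "REDIRECT":      # rewritten to a local port: intercepted
            return int(rule["--to-ports"])
        port = trace(chains, pkt, target)  # jump into a user-defined chain
        if port is not None:
            return port
    return None

def intercepted(uid, dst):  # redirect port for a process UID and destination IP
    return trace(parse(RULES), {"proto": "tcp", "uid": uid, "dst": dst})

if __name__ == "__main__":
    print(intercepted(1000, "203.0.113.10"), intercepted(1337, "203.0.113.10"))
```

The redirect acts on the connection after name resolution, so no hostname is involved at this layer; a proxy behind a REDIRECT rule can read the address the application originally dialed from the kernel via the SO_ORIGINAL_DST socket option.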