Menu
I run istio on Kubernetes. I want to know how the envoy sidecar works. For example, after sidecar is injected into the pod, the original container cannot access the outer network without EgressRule. How does it work?
555
All the traffic inside the pod is captured by iptables commands and directed to the sidecar proxy. Then the sidecar proxy performs routing, according to routing tables it receives from Istio Pilot (a part of the Istio Control Plane). The routing tables are based on the Kubernetes services and on the Istio RouteRules. Since Istio cannot know anything about the external services, it cannot route the traffic to the external services without an EgressRule defined. EgressRules define the routing tables for the external services.
196
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
