I have two workloads deployed in cluster1 and cluster2 within the same VPC and within the same namespace. I need to allow communication between them using services. I am creating the same namespaces in the two clusters and two deployments with services:
apiVersion: v1
kind: Namespace
metadata:
  labels:
    istio.io/rev: asm-managed-stable
  name: test1
  annotations:
    mesh.cloud.google.com/proxy: '{"managed": true}'
---
apiVersion: v1
kind: Service
metadata:
  name: test-v1
  namespace: test1
spec:
  selector:
    app: test-v1
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 8080
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  name: test-v2
  namespace: test1
spec:
  selector:
    app: test-v2
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 8080
  type: ClusterIP
I am trying to access the service test-v2 from the first deployment by the URL http://test-v2.test1.svc.cluster.local:8080, and there is no access.
UPD: I have found that the problem is in DNS resolution: it is not possible to resolve service DNS names across clusters without the DNS proxy. So the question is: is it possible to access services through DNS names without the Istio DNS proxy?
Communication is possible using internal service IPs. To allow communication using DNS service names, add the DNS proxy annotations to the pod:
kind: Deployment
metadata:
  name: sleep
spec:
  ...
  template:
    metadata:
      annotations:
        proxy.istio.io/config: |
          proxyMetadata:
            ISTIO_META_DNS_CAPTURE: "true"
            ISTIO_META_DNS_AUTO_ALLOCATE: "true"
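
One way to check which workloads still lack the annotation above is to scan the output of `kubectl get deploy -n test1 -o json` from each cluster. This is an added example, not part of the original answer; the function names and the sample data are constructed, and it assumes DNS proxying is enabled per pod rather than mesh-wide.

```python
import json
import re

ANNOTATION = "proxy.istio.io/config"
# The two proxyMetadata keys the answer sets on the pod template.
REQUIRED = ("ISTIO_META_DNS_CAPTURE", "ISTIO_META_DNS_AUTO_ALLOCATE")

def enabled_keys(proxy_config: str) -> set:
    """Return the REQUIRED keys set to true under proxyMetadata in the annotation value."""
    found, in_meta, meta_indent = set(), False, 0
    for raw in proxy_config.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop YAML comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if re.match(r"\s*proxyMetadata\s*:\s*$", line):
            in_meta, meta_indent = True, indent
            continue
        if in_meta and indent <= meta_indent:
            in_meta = False  # left the proxyMetadata mapping
        m = re.match(r"\s*(\w+)\s*:\s*[\"']?(\w+)[\"']?\s*$", line)
        if in_meta and m and m.group(1) in REQUIRED and m.group(2).lower() == "true":
            found.add(m.group(1))
    return found

def missing_dns_proxy(kubectl_json: str) -> dict:
    """Map deployment name -> sorted missing keys, given `kubectl get deploy -o json` text."""
    report = {}
    for item in json.loads(kubectl_json).get("items", []):
        meta = item["spec"]["template"].get("metadata", {})
        annotations = meta.get("annotations") or {}
        missing = sorted(set(REQUIRED) - enabled_keys(annotations.get(ANNOTATION, "")))
        if missing:
            report[item["metadata"]["name"]] = missing
    return report

# Constructed sample: one annotated deployment, one without annotations, one with capture off.
GOOD = 'proxyMetadata:\n  ISTIO_META_DNS_CAPTURE: "true"\n  ISTIO_META_DNS_AUTO_ALLOCATE: "true"\n'
OFF = 'proxyMetadata:\n  ISTIO_META_DNS_CAPTURE: "false"\n'
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "sleep"},
     "spec": {"template": {"metadata": {"annotations": {ANNOTATION: GOOD}}}}},
    {"metadata": {"name": "test-v1"},
     "spec": {"template": {"metadata": {"labels": {"app": "test-v1"}}}}},
    {"metadata": {"name": "test-v2"},
     "spec": {"template": {"metadata": {"annotations": {ANNOTATION: OFF}}}}},
]})

if __name__ == "__main__":
    for name, keys in missing_dns_proxy(SAMPLE).items():
        print(f"{name}: missing {', '.join(keys)}")
```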