Two-container pod and consul envoy proxy

dluongiop · March 17, 2022, 8:22pm

Hi,

We have a two-container application (c1, c2) in pod A that communicates with service pod B. In addition, c1 connects to c2 port 5530 inside pod A.
We setup service mesh with envoy proxy for pod A and B to secure service communication.

When c1 tries to connect to c2, we observed that envoy sidecar in pod A is connecting to c2 port 5530. We think this is because the port 5530 is set up as a service port on pod A so envoy automatically picked up the inbound ports. We tried to use annotation to exclude inbound port 5530 and set transparent-proxy to false but that didn’t help.

Question:
Is the current consul architecture not able to support a two-container pod as we have here?

I’d appreciate any feedback!

Thanks.

ishustava1 · March 21, 2022, 9:16pm

Hey @dluongiop

Are you using loopback (i.e. localhost or 127.0.0.1) for c1 to connect to c2? If so, then loopback traffic should automatically excluded from traffic redirection for tproxy and so you shouldn’t need to exclude that port.

There’s nothing in the consul architecture that would prevent loopback traffic between containers in a pod that I know of.

Topic		Replies	Views
Envoy integration question Consul	3	376	June 9, 2020
Multi service pods and consul connect Consul k8s	1	409	December 9, 2019
How to test connectivity from my service to my sidecar-proxy Consul	2	2824	September 28, 2019
Consul k8s service mesh security Consul service-mesh	2	530	April 18, 2021
Consul Transparent proxy and k8s network policies Consul consul-k8s	1	608	June 22, 2023

Two-container pod and consul envoy proxy

Related topics