istio.io/content/en/faq/security/mysql-with-mtls.md

---
title: MySQL Connectivity Troubleshooting
description: Troubleshooting MySQL connectivity issue due to PERMISSIVE mode.
weight: 95
keywords: [mysql,mtls]
---

You may find that MySQL can't connect after installing Istio. This is because `PERMISSIVE` mode, which is enabled in the `demo` configuration profile, does not work with MySQL. You may see error messages such as `ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0`.

There are two options to solve the problem.

  1. Disable Mutual TLS.

    Choose this option if you don't want Istio mutual TLS. You achieve this by disabling mutual TLS on the MySQL service explicitly.

    {{< text syntax="bash" >}}
    $ kubectl apply -f - <<EOF
    apiVersion: "authentication.istio.io/v1alpha1"
    kind: "Policy"
    metadata:
      name: mysql-nomtls-authn
    spec:
      targets:
      - name: YOUR-MYSQL-SERVICE     # The name of your K8s Service
    EOF
    {{< /text >}}

  2. Enable mutual TLS in STRICT mode.

    If you want mutual TLS protection for MySQL, enable mutual TLS using a destination rule and an authentication policy.

    {{< text syntax="bash" >}}
    $ kubectl apply -f - <<EOF
    apiVersion: "authentication.istio.io/v1alpha1"
    kind: "Policy"
    metadata:
      name: mysql-mtls-authn
    spec:
      targets:
      - name: YOUR-MYSQL-SERVICE     # The name of your K8s Service
      peers:
      - mtls:
          mode: STRICT
    ---
    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: mysql-mtls-dr
    spec:
      host: YOUR-MYSQL-SERVICE     # The name of your K8s Service
      trafficPolicy:
        tls:
          mode: ISTIO_MUTUAL
    EOF
    {{< /text >}}
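
Both options only work when the server side (the authentication policy) and the client side (the destination rule) agree. The following consistency check is an added example, not part of the Istio documentation. The function names, the sample service name `mysql`, and matching on the short host name within one namespace are assumptions.

```python
def server_modes(items):
    """Service name -> mode set by a service-level authentication Policy."""
    modes = {}
    for obj in (o for o in items if o.get("kind") == "Policy"):
        spec = obj.get("spec", {})
        mtls = [p["mtls"] for p in spec.get("peers", []) if "mtls" in p]
        # No mtls peer means plaintext; an mtls peer without a mode means STRICT.
        mode = (mtls[0] or {}).get("mode", "STRICT") if mtls else "PLAINTEXT"
        for target in spec.get("targets", []):
            modes[target["name"]] = mode
    return modes

def client_modes(items):
    """Short host name -> TLS mode that client sidecars use (DestinationRule)."""
    modes = {}
    for obj in (o for o in items if o.get("kind") == "DestinationRule"):
        spec = obj.get("spec", {})
        tls = spec.get("trafficPolicy", {}).get("tls", {})
        # Assumption: rules and service share a namespace; match on short name.
        modes[spec["host"].split(".")[0]] = tls.get("mode", "DISABLE")
    return modes

def check(service, items):
    server = server_modes(items).get(service)
    client = client_modes(items).get(service, "DISABLE")
    if server is None:
        return "inherited: no service-level Policy, mesh or namespace mode applies"
    if server == "PERMISSIVE":
        return "permissive: the mode this page reports as failing with MySQL"
    if server == "STRICT" and client != "ISTIO_MUTUAL":
        return "mismatch: server requires mTLS, clients are not set to ISTIO_MUTUAL"
    if server == "PLAINTEXT" and client == "ISTIO_MUTUAL":
        return "mismatch: clients send mTLS, server expects plaintext"
    return f"consistent: server={server}, client={client}"

# Constructed samples, shaped like the "items" of `kubectl get ... -o json`.
POLICY_STRICT = {"kind": "Policy", "spec": {
    "targets": [{"name": "mysql"}], "peers": [{"mtls": {"mode": "STRICT"}}]}}
POLICY_NOMTLS = {"kind": "Policy", "spec": {"targets": [{"name": "mysql"}]}}
RULE_MUTUAL = {"kind": "DestinationRule", "spec": {
    "host": "mysql", "trafficPolicy": {"tls": {"mode": "ISTIO_MUTUAL"}}}}

if __name__ == "__main__":
    print(check("mysql", [POLICY_STRICT, RULE_MUTUAL]))   # option 2 as given
    print(check("mysql", [POLICY_STRICT]))                # rule forgotten
    print(check("mysql", [POLICY_NOMTLS, RULE_MUTUAL]))   # stale rule after option 1
```

The third case is the one to watch when switching from option 2 back to option 1: a leftover `ISTIO_MUTUAL` destination rule keeps clients sending mutual TLS to a server that no longer accepts it.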