1.7 KiB
| title | description | weight | keywords | ||
|---|---|---|---|---|---|
| MySQL Connectivity Troubleshooting | Troubleshooting MySQL connectivity issue due to PERMISSIVE mode. | 95 |
|
You may find MySQL can't connect after installing Istio. This is because of PERMISSIVE mode which is enabled in istio-demo.yaml by default, does not work with MySQL. You may see error messages such as "ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0".
There have two options to solve the problem.
-
Disable Mutual TLS.
Choose this option if you don't want Istio mutual TLS. You achieve this by disabling mutual TLS on the MySQL service explicitly.
{{< text syntax="bash" >}} $ kubectl apply -f - <<EOF apiVersion: "authentication.istio.io/v1alpha1" kind: "Policy" metadata: name: mysql-nomtls-authn spec: targets:
- name: YOUR-MYSQL-SERVICE # The name of your K8s Service EOF {{< /text >}}
-
Enable mutual TLS in STRICT mode.
If you want mutual TLS protection for MySQL, enable mutual TLS using a destination rule and an authentication policy.
{{< text syntax="bash" >}} $ kubectl apply -f - <<EOF apiVersion: "authentication.istio.io/v1alpha1" kind: "Policy" metadata: name: mysql-mtls-authn spec: targets:
- name: YOUR-MYSQL-SERVICE # The name of your K8s Service peers:
- mtls: mode: STRICT
apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: mysql-mtls-dr spec: host: YOUR-MYSQL-SERVICE # The name of your K8s Service trafficPolicy: tls: mode: ISTIO_MUTUAL EOF {{< /text >}}