Collisions within the cluster when redirecting traffic destined for Amazon APIs

The Problem

kube2iam uses iptables to redirect traffic destined for the Amazon IP (169.254.169.254). This conflicts with Istio's iptables rules.

It may be better to treat this as external traffic; see here.

Solution

Apply the following YAML, which should fix the issue:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: apipa
spec:
  hosts:
  - 169.254.169.254
  ports:
  - number: 80
    name: http
    protocol: HTTP
  resolution: DNS
  location: MESH_EXTERNAL