we found a way to use istio + opensearch in the same namespace.
if someone is interested, here is the configuration:
namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: my-namespace
labels:
istio-injection: enabled
peer-authentication.yaml
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
name: mtls-policy
namespace: my-namespace
spec:
mtls:
mode: STRICT
opensearch.yaml
apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
name: my-first-cluster
namespace: my-namespace
spec:
general:
httpPort: 9200
serviceName: my-first-cluster
version: 2.7.0
dashboards:
annotations:
traffic.sidecar.istio.io/includeInboundPorts: "*"
traffic.sidecar.istio.io/excludeOutboundPorts: "9200,9300"
traffic.sidecar.istio.io/excludeInboundPorts: "9200,9300"
version: 2.7.0
enable: true
replicas: 1
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "512Mi"
cpu: "200m"
nodePools:
- component: nodes
replicas: 3
diskSize: "5Gi"
nodeSelector:
resources:
requests:
memory: "2Gi"
cpu: "500m"
limits:
memory: "2Gi"
cpu: "500m"
roles:
- "cluster_manager"
- "data"
annotations:
traffic.sidecar.istio.io/includeInboundPorts: "*"
traffic.sidecar.istio.io/excludeOutboundPorts: "9200,9300"
traffic.sidecar.istio.io/excludeInboundPorts: "9200,9300"
best regards,
Danjin