Ingesting to Logstash Beat through Istio Gateway Ingress

I have exposed port 5044 through an Istio gateway/virtual service for Logstash beats ingestion. All other ports defined in this gateway/VS are accessible through Istio, but 5044 is not. However, the service it points to is accessible from within my cluster.

# Source: elk/templates/gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: elk-gateway
  labels:
    heritage: "Helm"
    release: "elk"
    chart: "elk"
    app: "elk"
  annotations:
spec:
  selector:
    istio: ingressgateway
  servers: 
    - hosts:
      - elk.example.com
      port:
        name: https-kibana
        number: 443
        protocol: HTTPS
      tls:
        mode: PASSTHROUGH
    - hosts:
      - elk.example.com
      port:
        name: http-kibana
        number: 80
        protocol: HTTP
      tls:
        httpsRedirect: true
    - hosts:
      - elk.example.com
      port:
        name: https-elasticsearch
        number: 9200
        protocol: HTTPS
      tls:
        mode: PASSTHROUGH
    - hosts:
      - elk.example.com
      port:
        name: tls-beat
        number: 5044
        protocol: TLS
      tls:
        mode: PASSTHROUGH
---
# Source: elk/templates/virtualservice.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: "elk-vs"
  labels:
    heritage: "Helm"
    release: "elk"
    chart: "elk"
    app: "elk"
  annotations:
spec:
  gateways: [ "elk-gateway" ]
  hosts: 
    - elk.example.com
  tls: 
    - match:
      - port: 443
        sni_hosts:
        - elk.example.com
      route:
      - destination:
          host: elk-kibana
          port:
            number: 5601
    - match:
      - port: 9200
        sni_hosts:
        - elk.example.com
      route:
      - destination:
          host: elk-es-data-headless
          port:
            number: 9200
    - match:
      - port: 5044
        sni_hosts:
        - elk.example.com
      route:
      - destination:
          host: elk-logstash-beat
          port:
            number: 5044

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.