K
Q

Internal mesh communication is ignoring settings from the virtual service

11/19/2018

I'm trying to inject an HTTP status 500 fault in the bookinfo example.

I managed to inject a 500 error status when the traffic is coming from the Gateway with:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
  namespace: default
spec:
  gateways:
  - bookinfo-gateway
  hosts:
  - '*'
  http:
  - fault:
       abort:
          httpStatus: 500
          percent: 100
    match:
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        port:
          number: 9080

Example:

$ curl $(minikube ip):30890/api/v1/products
fault filter abort

But, I fails to achieve this for traffic that is coming from other pods:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
  namespace: default
spec:
  gateways:
  - mesh
  hosts:
  - productpage
  http:
  - fault:
       abort:
          httpStatus: 500
          percent: 100
    match:
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        port:
          number: 9080

Example:

# jump into a random pod
$ kubectl exec -ti details-v1-dasa231 -- bash

root@details $ curl productpage:9080/api/v1/products
[{"descriptionHtml": ... <- actual product list, I expect a http 500
  • I tried using the FQDN for the host productpage.svc.default.cluster.local but I get the same behavior.

  • I checked the proxy status with istioctl proxy-status everything is synced.

  • I tested if the istio-proxy is injected into the pods, it is:

Pods:

NAME                             READY   STATUS    RESTARTS   AGE
details-v1-6764bbc7f7-bm9zq      2/2     Running   0          4h
productpage-v1-54b8b9f55-72hfb   2/2     Running   0          4h
ratings-v1-7bc85949-cfpj2        2/2     Running   0          4h
reviews-v1-fdbf674bb-5sk5x       2/2     Running   0          4h
reviews-v2-5bdc5877d6-cb86k      2/2     Running   0          4h
reviews-v3-dd846cc78-lzb5t       2/2     Running   0          4h

I'm completely stuck and not sure what to check next. I feel like I am missing something very obvious.

I would really appreciate any help on this topic.

-- Igor Šarčević
istio
kubernetes

Similar Questions

error marking master: timed out waiting for the condition [kubernetes]
Accessing Kubernetes API using username and password
Store GKE Kubernetes secret on KMS
Kubernetes with Kops is it correct to have each master in its own instance group?
Periodic Istio Citadel pod restart

2 Answers

11/20/2018

This should work, and does when I tried. My guess is that you have other conflicting route rules for the productpage service defined.

-- Frank B
Source: StackOverflow
11/23/2018

The root cause of my issues were an improperly set up includeIPRanges in my minicloud cluster. I set up the 10.0.0.1/24 CIDR, but some services were listening on 10.35.x.x.

-- Igor Šarčević
Source: StackOverflow