Failed to use hosts `*-pim.webapi.com` and `pim.webapi.com` in istio VirtualService

2/15/2019

I want to configure the route strategy for `*-pim.webapi.com` and `pim.webapi.com`. When I apply the YAML to k8s, it says the two hosts are duplicated. But I don't think they are duplicated, because `*-pim.webapi.com` cannot match `pim.webapi.com`. Is this a bug in Istio or my mistake?

The VirtualService yaml is:

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: public-ingress
  namespace: netops
spec:
  hosts:
  - "*-pim.webapi.com"
  - "pim.webapi.com"
  gateways:
  - public-ingress
  http:
  - route:
    - destination:
        host: pim.default.svc.cluster.local
```

The error message is

```
admission webhook "pilot.validation.istio.io" denied the request: configuration is invalid: duplicate hosts in virtual service: *-pim.webapi.com & pim.webapi.com
```

The source code for this error message is here: https://github.com/istio/istio/blob/master/pilot/pkg/model/validation.go#L1602. But it does not help me understand and solve my problem.

-- Jeffrey
istio
kubernetes

1 Answer

2/15/2019

This looks like a bug in Istio. The code you referenced calls this function to decide if the hosts match, and it's clearly doing the wrong thing in your case.

I would try using one host, `*pim.webapi.com`, and see if that works. I'm not sure it will, because I thought that wildcards could only be used for the full value of the leftmost component of a domain name, i.e., `*.webapi.com`, but not `*pim.webapi.com`.

-- Frank B
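
An added example, not part of the question or the answer above and not Istio's code: a Go program that contrasts a suffix-only comparison, which flags the two hosts from the question as duplicates, with a check that asks whether any concrete hostname could match both entries. The function names and the rule that a leading `*` stands for one or more characters are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// naiveOverlap is an assumed model of an over-eager duplicate check:
// drop a leading "*" and test whether one string is a suffix of the other.
func naiveOverlap(a, b string) bool {
	a, b = strings.TrimPrefix(a, "*"), strings.TrimPrefix(b, "*")
	return strings.HasSuffix(a, b) || strings.HasSuffix(b, a)
}

// matchesConcrete reports whether pattern matches a concrete hostname.
// Assumption: a leading "*" stands for one or more characters.
func matchesConcrete(pattern, name string) bool {
	if !strings.HasPrefix(pattern, "*") {
		return pattern == name
	}
	suffix := pattern[1:]
	return len(name) > len(suffix) && strings.HasSuffix(name, suffix)
}

// strictOverlap reports whether some hostname could be claimed by both entries.
func strictOverlap(a, b string) bool {
	aWild, bWild := strings.HasPrefix(a, "*"), strings.HasPrefix(b, "*")
	switch {
	case aWild && bWild: // two wildcards overlap when one suffix contains the other
		return strings.HasSuffix(a[1:], b[1:]) || strings.HasSuffix(b[1:], a[1:])
	case aWild:
		return matchesConcrete(a, b)
	case bWild:
		return matchesConcrete(b, a)
	default:
		return a == b
	}
}

func main() {
	// Host pairs constructed from the hosts named in the question and answer.
	pairs := [][2]string{
		{"*-pim.webapi.com", "pim.webapi.com"},
		{"*.webapi.com", "pim.webapi.com"},
		{"*-pim.webapi.com", "*.webapi.com"}}
	for _, p := range pairs {
		fmt.Printf("%s | %s naive=%v strict=%v\n", p[0], p[1], naiveOverlap(p[0], p[1]), strictOverlap(p[0], p[1]))
	}
}
```

Run as a pre-apply lint over the `hosts` list, the strict check rejects only entries that can both claim the same hostname, so an ambiguous route is still caught without blocking the pair from the question.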
Source: StackOverflow