K
Q

VirtualService routing only uses one host

9/26/2019

I have the following VirtualService:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: external-vs
  namespace: dev
spec:
  hosts:
    - "*"
  gateways:
    - http-gateway
  http:
    - name: "postauth"
      match:
      - uri:
        exact: /postauth
      route:
        - destination:
            port:
              number: 8080
            host: postauth
    - name: "frontend"
      match:
        - uri:
          exact: /app
      route:
        - destination:
            port:
              number: 8081
            host: sa-frontend

I would expect that calls to the /postauth endpoint would be routed to the postauth service and calls to the /app endpoint would be routed to the sa-frontend service. What is happening is that all calls end up being routed to the first router in the file, in the above case to postauth, but if I change the order it will be to sa-frontend

All services and deployments are in the same namespace (dev).

Is that somehow the expected behaviour? My interpretation is that the above should only allow calls to the /postauth and /app endpoints and nothing else, and route these to their respective services.

-- Pedro Jordão
istio
kubernetes
networking

Similar Questions

Configure Nginx connection timeout for specific request pattern
Failed to make https on gcp kubernetes
Unable to sign in with default config file generated with Oracle cloud
Azure function with service bus binding to AKS
Ingress creating health check on HTTP instead of TCP

1 Answer

11/6/2019

As per documentaion for Istio 1.3 in HTTPMatchRequest you can find

Field: name, Type: string

I have compared those settings between 1.1 and 1.3 versions: In version 1.3.4 this paramereter is working properly and the routes were propagated with the names:

[
    {
        "name": "http.80",
        "virtualHosts": [
            {
                "name": "*:80",
                "domains": [
                    "*",
                    "*:80"
                ],
                "routes": [
                    {
                        "name": "ala1",
                        "match": {
                            "prefix": "/hello1",
                            "caseSensitive": true
                        },
                        "route": {
                            "cluster": "outbound|9020||hello1.default.svc.cluster.local",
.
.
.

                    {
                        "name": "ala2",
                        "match": {
                            "prefix": "/hello2",
                            "caseSensitive": true
                        },
                        "route": {
                            "cluster": "outbound|9030||hello2.default.svc.cluster.local",

While in version 1.1 it's not working properly. In those cases please verify your settings with appropriate release.

In addition please refer to Troubleshooting section.

You can verify your applied configuration (changes) inside the cluster, f.e.: How Envoy instance was configured:

istioctl proxy-config cluster -n istio-system your_istio-ingressgateway-name

Verify routes configuration and virtual hosts for services:

istioctl proxy-config routes -n istio-system your_istio-ingressgateway-name -o json

Hope this help.

-- Hanx
Source: StackOverflow