Config precedence mechanism


#1

Hello there,

I am having doubts about which is the precedence that Istio takes when there are more than one Istio Config applying to the same workload/service?

For example, having the following 3 DestinationRules how the precedence works to decide which settings will use? Is there any documentation explaining that?

kind: "DestinationRule"
metadata:
  name: "default"
  namespace: "istio-system"
spec:
  host: "*.local"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
---
kind: "DestinationRule"
metadata:
  name: "default"
  namespace: "bookinfo"
spec:
  host: "*.bookinfo.svc.cluster.local"
  trafficPolicy:
    loadBalancer:
      simple: LEAST_CONN
    tls:
      mode: DISABLE
---
kind: "DestinationRule"
metadata:
  name: "default"
  namespace: "bookinfo"
spec:
  host: "ratings.bookinfo.svc.cluster.local"
  subsets:
  - name: testversion
    labels:
      version: v3
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL

I can imagine that it applies always the more specific setting first. So, in the example, service ratings will have the trafficPolicy of the 3rd DR, for the rest of the service of bookinfo it will take the 2nd one, and for the rest of the services outside of bookinfo it will take the 1st one. Am I right?

In the scenario of ratings service, which are the settings that are applied? loadBalancer is inherited from 2nd DR? What is the mechanism of inheritance/override for those settings?

Thank you in advanced,