How can I use 2 gateways watching for the same host?

sneko · May 2, 2019, 8:08am

Hi everyone,

I have 2 gateways in their own namespaces that watch the same domain example.com, listening on the same port 443. On the first one I look for all paths /*, this is done by a simple virtualservice:

  http:
  - route:
    - destination:
        host: AAAAA

and on the second I look for a specific path:

  http:
  - match:
    - uri:
        exact: /my-specific-path/hello
    route:
    - destination:
        host: BBBBBBB

My concern is that I’m not able to reach the second one since I think the first one is catching all requests.

I tried to make the first virtualservice more specific to just look for a path /whatever-aaa but the second one is still never used.

I think there is just one gateway settings that is used unfortunately, how could I fix that please?

Thank you,

howardjohn · May 2, 2019, 3:30pm

Do you have two gateways or two virtual services? I think you could just use one Gateway. Using 2 gateways with the same host will not work. Depending on your version, you may get a random one picked (seems like this is the case), envoy crashing, or the entire port 443 listener rejected. This was very recently fixed by https://github.com/istio/istio/issues/13717 which will be in Istio 1.1.5, with the choice to explicitly reject one of the duplicates, so either way you will need to use one gateway if they have the same host+port combination

sneko · May 2, 2019, 4:35pm

Hi Howard,

I was using 2 pairs:

Gateway A + VirtualService A to match example.com/* (in namespace X)
Gateway B + VirtualService B to match example.com/specific-path (in namespace Y)

That’s the second one that was not catching requests. The workaround I found for now as you said is to just use one gateway even if that’s weird for me my VirtualService B in namespace Y tries to be linked to Gateway A in namespace X.

I’m doing this to link them:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: B
  namespace: Y
spec:
  hosts:
  - "example.com"
  gateways:
  - gatewayA.X
  http:
  - match:
    - uri:
        exact: /specific-path
    route:
    - destination: 
        host: bbbbbb

Honestly, I don’t understand why my previous attempt with 2 gateways + 2 virtualservices is not working. On each gateway hosts property I was prefixing the domains with the namespace to watch virtual services, like that:

GATEWAY A:
    hosts:
    - "namespaceA/example.com"

GATEWAY B:
    hosts:
    - "namespaceB/example.com"

From my understanding Istio should be able to merge both settings without rejecting one of them since they are scoped.

Maybe the technical reason is more complicated hmmm?

Thank you,

Topic		Replies	Views
Ingress gateway tcp multiple connection	2	1865	October 13, 2020
Istio routing to same postgres db even when separate gateway and virtual service exist for separate DBs Networking	0	1152	January 25, 2023
Custom Gateways for multiple environments/hosts Networking	1	713	December 18, 2023
Need help understanding Egress Gateways with multiple hosts	1	791	November 5, 2021
Virtualservice: HTTP multi-match and fallback	0	895	April 11, 2020

How can I use 2 gateways watching for the same host?

Related topics