Intermittent "upstream connect error" when using workloadSelector and MESH_INTERNAL

Hi, we need to enable access to one of our services via a custom hostname inside the cluster; let’s call it login.example.com. The actual service it should be routed to is release-utility-authentication.default.svc.cluster.local.

I tried to accomplish this with a MESH_INTERNAL ServiceEntry:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: internal-login
  namespace: {{ .Release.Namespace }}
  labels:
    app: internal-login
    version: {{ .Chart.Version }}
spec:
  hosts:
  - login.example.com
  location: MESH_INTERNAL
  ports:
  - number: 80
    name: http
    protocol: HTTP
  workloadSelector:
    labels:
      app: release-utility-authentication

This only works intermittently. I tested it with curl:

curl -v http://login.example.com/

It will usually work for the first request, but then if I do another request soon afterwards, it fails with:

upstream connect error or disconnect/reset before headers. reset reason: connection failure

Any ideas as to what’s causing this? Is there a better way to accomplish our goal? I’m open to totally alternative approaches.