Istio Cluster Based Routing (Split Horizon EDS) - Query


#1

I have a quick query w.r.t Istio’s split horizon EDS working, since I believe some of you have got it to work.

Every component is up and running and I can verify that remote cluster is also connected to main, as the pilot registration API shows me the IP of remote apps (including Istio’s).

But I don’t see the MeshNetwork gateway added as should happen. So my Pilot Registration API shows IP of main and remote cluster for hello-world pod, and when I try to access it it returns success for the v1 but failure for v2 (which is obvious, as it tried to connect to pod IP address on the remote cluster, rather than the gateway).

Anil had suggested that I should match the fromRegistry name with that of the secrets (Tried that, but that didn’t work for me?).

Any idea what I would be missing, and a way to debug the same?

Thanks
Manish
PS. Using istio-1.1.0-snapshot.4


#2

Manish,

I have not had an opportunity to test split horizon in detail, although I should and plan to do so in the coming week. I would recommend using the latest daily rather than a snapshot as some PRs have gone in in this area recently to enable the work.

There are also 1 or 2 more PRs needed for things to work really well, but AFAIK things work well enough for an eval now.

Are you referencing?

Cheers
-steve


#3

Thanks Steve.

I did try the latest, but no luck.

And yes, I am referencing the doc you shared, and I believe there is something that is either missing from the document or the way I am doing it, which is making it not work.

Will look forward to your testing and suggestions. By the way I am using two AWS k8s clusters (both .local but different cluster names), configured using kops.

Thnx
Manish CHUGTU


#4

In my testing of gateway multicluster (which is a different but related implementation), AWS didn’t work properly with the classic load balancer. I had to use an NLB. Unfortunately the NLB is limited to one Kubernetes cluster per region because of a defect in the underlying cloud provider code in upstream Kubernetes. For more details on the AWS NLB see:

I had updated the blog post to be more accurate for 1.1 a few weeks ago.

All that said, I’ve heard that classic LB can be made to work. The instructions I received were something along the lines of “install a gateway/vs/httpbin so Amazon’s classic LB healthchecking kicks in, then turn on healthchecking in AWS to port 80”.

Cheers
-steve