Problems that occur when traffic is transferred between different services of istio

1

Originally, I thought it would be easy to replace the functionality of different services (across namespace) with istio, but I actually ran into a problem.
Let me describe the problem:
The same namespace, in an already successful into sidecars pod, I want to visit the details in the form of curl http://details:8080/details/0 service. The details are not actually deployed on the namespace, but deployed in namespace istio-project and the service port is 9080. I use http://details.istio-project.svc.cluster.local:9080/details/0 is to be able to access the details. In order to let me use the curl http://details:8080/details/0 can visit I made the following:

1.Deploy the service in the namespace of the requested test(create DNS):

apiVersion: v1
kind: Service
  labels:
    app: details
    service: details
  name: details
spec:
  clusterIP: 172.30.24.46
  ports:
  - name: http
    port: 9080
    protocol: TCP
    targetPort: 9080
  selector:
    app: details
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

2.Create virtualService to forward flow

kind: VirtualService
metadata:
  name: details
  namespace: request-namespace
spec:
  hosts:
  - details.alter-470869450099302400.svc.cluster.local
  http:
  - name: remote-namespace-route
    route:
    - destination:
        host: details.istio-project.svc.cluster.local
        port:
          number: 9080

then I do ‘curl http://details:8080/details/0’ failed:

curl: (56) Recv failure: Connection reset by peer

envoy log:
[2020-11-16T07:37:12.207Z] "- - -" 0 UF,URX "-" "-" 0 0 10001 - "-" "-" "-" "-" "172.30.24.46:8080" PassthroughCluster - 172.30.24.46:8080 10.108.144.56:33778 - -

when I use curl http://details:9080/details/0 ok

2

When I use the following service deployment in the request side namespace and real service lies in the namespace can use curl http://details:8080/details/0 request.

apiVersion: v1
kind: Service
  labels:
    app: details
    service: details
  name: details
spec:
  clusterIP: 172.30.24.46
  ports:
  - name: http
    port: 8080
    protocol: TCP
    targetPort: 9080
  selector:
    app: details
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

kind: VirtualService
metadata:
  name: details
  namespace: request-namespace
spec:
  hosts:
  - details.alter-470869450099302400.svc.cluster.local
  http:
  - name: remote-namespace-route
    route:
    - destination:
        host: details.istio-project.svc.cluster.local
        port:
          number: 9080

so don’t be istio support port to replace or how can I repace the port

3

Nope Istio cannot replace ports. You can do url rewrite

4

skip the virtual service creation step, Only use the service, you exec into another pod.
if the service “details” is a different namespace with the pod (exec) you use curl as below.
curl http://details.{name-space}.svc.cluster.local: port/…
If the service is the same name-space you use curl as below:
curl http://details:port/…
Note: don’t apply permission authentication with mode STRICT

5

This is not the problem I’m describing. Domain names are written in the service code and cannot be changed. Operations want to proxy traffic, which is why we’re using istio