Routing issue or Kiali visualizing issue?

Hi everybody,

I have a scenario where an API client implemented in our monolith outside the service mesh must call through the service mesh (to ensure uniform security, logging etc) to an external API placed outside our company.

The routing is like this: External client --> istio-ingressgateway --> nginx (reverse proxy) with sidecar --> service entry (to external service) --> istio-egressgateway --> external API.

I’ve configured TLS origination for the outbound request as described in: https://istio.io/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/

It’s working but in Kiali the Graph is displaying two separate flows, which makes it confusing to look at.

Component versions:
Istio 1.6.0
Kiali 1.18.1
Prometheus 2.15.1
Kubernetes 1.18.2

I hope someone can give some insight.

Thanks!
Jesper

@jesper I’ve mentioned your issue here: https://github.com/kiali/kiali/issues/2784 , perhaps it’s related to other issues in telemetry and/or Kiali where the namespace isn’t recognized and set to “unknown”.

@Pengyuan_Bian We’ve seen this sort of telemetry reported a few times lately. It seems to happen when a gateway (egress or ingress) makes a request to an external host. The destination_service is set but no destination_service_namespace. Instead I would have expected PassthroughCluster as the destination. Also, in this case the telemetry is disconnected. I’m trying to determine whether the telemetry is expected and we need to handle it better in Kiali, or if it’s unexpected and there needs to be a change in Istio.

Could it be related to this? https://github.com/istio/istio/issues/23907

@gargnupur, I don’t know, hoping @Pengyuan_Bian may have an idea.