ServiceEntry not routing the traffic back to the cluster

sskmail14 · July 18, 2021, 8:38am

Hai All,

Istio Version: 1.8.1

Am new to istio.

I have istio setup where ServiceEntry is not working as expected. I was using the ServiceEntry for the purpose of routing the egress traffic back to the istio cluster to a pod/service.

I have host say - https://sample-app.com

Here is my scenario:

External Traffic:

https://sample-app.com → Gateway → VirtualService → Service(Kube) → App1
External traffic is working as expected.

When I make a call from App2 which is in the same cluster(same namespace) which has the URL https://sample-app.com where I cant change this to service URL of kube for backward compatibility.

Expected Flow

App2 → https://sample-app.com(Which has to make call to internal VirtualService via ServiceEntry) → ServiceEntry(MESH_INTERNAL) → VirtualService(Internal) → Service(Kube) → App1

Configs

---
# Source: Service Entry
---
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: external-svc-redirect
  namespace: app # Use same namespace with backend service
spec:
  hosts:
  - sample-app.com
  location: MESH_EXTERNAL
  ports:
  - number: 443
    name: https
    protocol: TLS
  resolution: NONE

...
---
# Source: Create virtual service to access internal
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: internal-routing
  namespace: app # Use same namespace with backend service
spec:
  hosts:
  - sample-app.com
  gateways:
  - mesh # applies to all the sidecars in the mesh
  tls:
  - match:
    - sniHosts:
      - sample-app.com
    route:
    - destination:
        host: sample.app.svc.cluster.local # Backend service name
        port:
          number: 8084

Steps to reproduce the bug

Version (include the output of istioctl version --remote and kubectl version --short and helm version --short if you used Helm)

$ istioctl version --remote
client version: 1.8.1
control plane version: 1.8.1
data plane version: 1.8.1 (33 proxies)
$ kubectl version --short
Client Version: v1.18.8-eks-7c9bda
Server Version: v1.18.9-eks-d1db3c

How was Istio installed?
istioctl install
Environment where the bug was observed (cloud vendor, OS, etc)
AWS EKS

Reference:

Istio / Service Entry.

Topic		Replies	Views
VirtualService route to a destination host declared in ServiceEntry not working Networking	2	2218	May 15, 2020
Possible Istio bug routing to internal service Networking	0	494	December 27, 2019
Istio ServiceEntry and VirtualService to redirect to host	0	1281	October 31, 2020
Virtual service not working service entry yes Networking	0	664	December 4, 2021
Routing all intercluster traffic through egress gateway Networking	1	417	February 27, 2023

ServiceEntry not routing the traffic back to the cluster

Related Topics