Unable to use domains in VirtualService "hosts" that are not in Istio service registry

alecor191 · October 24, 2020, 9:30am

According to Istio documentation I should be able to use an arbitrary name in VirtualService’s hosts field:

Virtual service hosts don’t actually have to be part of the Istio service registry, they are simply virtual destinations.

Unfortunately, I don’t seem to be able to get this working. Here my example:

I have two services called webapp1 and webapp2. Both in namespace mynamespace
I would like to be able to send a request to http://foo.mynamespace/ that will get routed to webapp1. Note that there is no service called foo.

Here my VirtualService configuration:

...
spec:
  hosts:
    - webapp1.mynamespace.svc.cluster.local
    - webapp2.mynamespace.svc.cluster.local
    - foo.mynamespace.svc.cluster.local
  http:
    - route:
        - destination:
            host: webapp1.mynamespace.svc.cluster.local
            port:
              number: 80

My understanding is that the above should route all of the following requests to webapp1 service:

http://webapp1.mynamespace/
http://webapp2.mynamespace/
http://foo.mynamespace/

What I see is that both requests to http://webapp1.mynamespace/ and http://webapp2.mynamespace/ get routed to webapp1 service.

However, requests to http://foo.mynamespace/ result in name resolution error (executed from a container in the Istio mesh):

curl http://foo.mynamespace/
curl: (6) Could not resolve host: foo.mynamespace

Any thoughts on what I’m missing?

gr4b4z · November 6, 2020, 12:19pm

Hi, according to the docs:
" … The name of a service from the service registry. Service names are looked up from the platform’s service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by ServiceEntry . Traffic forwarded to destinations that are not found in either of the two, will be dropped."

Base on the above, your traffic is dropped.
So you have to create either a Service so K8s have it in its registry, or create manually a ServiceEntry.

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: external-svc-wikipedia
spec:
hosts:

wikipedia.org
location: MESH_EXTERNAL
ports:
number: 80
name: example-http
protocol: HTTP
resolution: DNS

howardjohn · November 8, 2020, 4:28pm

Istio does not create DNS entries. If you want to do this you will need to either get dns configured appropriately for that host or not use dns and directly send to the ip + hostname you desire

Topic		Replies	Views
VirtualService in Service Registry OR VirtualService chaining to another VirtualService? Networking	4	3271	January 23, 2020
VirtualService route to a destination host declared in ServiceEntry not working Networking	2	2700	May 15, 2020
Request by domain name between services return 404 Networking	16	1917	December 22, 2020
Istio ServiceEntry and VirtualService to redirect to host	0	1544	October 31, 2020
Virtual Service's host doesn't resolve with HTTP Networking openshift	3	4434	March 23, 2021

Unable to use domains in VirtualService "hosts" that are not in Istio service registry

Related Topics