VirtualService hosts and minikube

Hi all,

I am cross posting this from StackOverflow, with some minor tweaks.


In this project, I have defined this virtual service:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: hello-k8s
spec:
  hosts:
    - hello.local
  http:
    - name: hello-k8s
      match:
        - uri:
            prefix: /
      route:
        - destination:
            host: hello               # <--------------
            port:
              number: 8080

After deploying the project to my local minikube, how can I send a curl request to my app?

I have verified that istio is enabled in minikube:

➜ minikube addons list
|-----------------------------|----------|--------------|
|         ADDON NAME          | PROFILE  |    STATUS    |
|-----------------------------|----------|--------------|
| ambassador                  | minikube | disabled     |
| csi-hostpath-driver         | minikube | disabled     |
| dashboard                   | minikube | disabled     |
| default-storageclass        | minikube | enabled ✓    |
| efk                         | minikube | disabled     |
| freshpod                    | minikube | disabled     |
| gcp-auth                    | minikube | disabled     |
| gvisor                      | minikube | disabled     |
| helm-tiller                 | minikube | disabled     |
| ingress                     | minikube | disabled     |
| ingress-dns                 | minikube | disabled     |
| istio                       | minikube | enabled ✓    |
| istio-provisioner           | minikube | enabled ✓    |
| kubevirt                    | minikube | disabled     |
| logviewer                   | minikube | disabled     |
| metallb                     | minikube | disabled     |
| metrics-server              | minikube | disabled     |
| nvidia-driver-installer     | minikube | disabled     |
| nvidia-gpu-device-plugin    | minikube | disabled     |
| olm                         | minikube | disabled     |
| pod-security-policy         | minikube | disabled     |
| registry                    | minikube | disabled     |
| registry-aliases            | minikube | disabled     |
| registry-creds              | minikube | disabled     |
| storage-provisioner         | minikube | enabled ✓    |
| storage-provisioner-gluster | minikube | disabled     |
| volumesnapshots             | minikube | disabled     |
|-----------------------------|----------|--------------|

I deployed the app and verified everything is working:

➜ kubectl apply -k base/
service/hello-k8s unchanged
deployment.apps/hello-k8s unchanged
virtualservice.networking.istio.io/hello-k8s configured

➜ kubectl get deployments/hello-k8s
NAME        READY   UP-TO-DATE   AVAILABLE   AGE
hello-k8s   1/1     1            1           20h

➜ kubectl get pods
NAME                         READY   STATUS    RESTARTS   AGE
hello-k8s-6d9cc7d655-plzs8   1/1     Running   0          20h

➜ kubectl get service/hello-k8s
NAME        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
hello-k8s   ClusterIP   10.98.144.226   <none>        8080/TCP   21h

➜ kubectl get virtualservice/hello-k8s
NAME        GATEWAYS   HOSTS             AGE
hello-k8s              ["hello.local"]   20h

➜ kubectl get pods -n istio-system
NAME                                    READY   STATUS    RESTARTS   AGE
istio-ingressgateway-8577c95547-6c9sk   1/1     Running   0          21h
istiod-6ccd677dc7-7cvr2                 1/1     Running   0          21h
prometheus-7767dfd55-x2pv6              2/2     Running   0          21h

Not sure why I have to do this (noob-under-pressure problem :man_facepalming:), but apparently it should be done according to this blog:

➜ kubectl label namespace default istio-injection=enabled --overwrite
namespace/default labeled

➜ kubectl get namespace -L istio-injection
NAME              STATUS   AGE   ISTIO-INJECTION
default           Active   21h   enabled
istio-operator    Active   21h
istio-system      Active   21h   disabled
kube-node-lease   Active   21h
kube-public       Active   21h
kube-system       Active   21h
playground        Active   21h

I inspected the ip of minikube and added an entry to /etc/hosts for hello.local (by following the instructions in the same blog post):

➜  minikube ip
192.168.49.2

➜ tail -n 3  /etc/hosts

# Minikube
192.168.49.2    hello.local

Then I queried the port of istio-ingressgateway:

➜ kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}'
30616

Finally I sent a request to hello.local:30616, but the requests are not arriving at my app:

➜ curl -iv hello.local:30616/hello
*   Trying 192.168.49.2:30616...
* TCP_NODELAY set
* Connected to hello.local (192.168.49.2) port 30616 (#0)
> GET /hello HTTP/1.1
> Host: hello.local:30616
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
HTTP/1.1 404 Not Found
< date: Thu, 25 Feb 2021 14:51:18 GMT
date: Thu, 25 Feb 2021 14:51:18 GMT
< server: istio-envoy
server: istio-envoy
< content-length: 0
content-length: 0

<
* Connection #0 to host hello.local left intact

I tried a few other variations of ip/port combos to no avail.

maybe run istioctl analyze and see if there are any easy misconfigurations?

I don’t have that command as I enabled istio on minikube via addons (minikube addons enable …):

| istio                       | minikube | enabled ✅   |
| istio-provisioner           | minikube | enabled ✅   |

If you clone my git repo and deploy it to your minikube, would it work for you?

➜ kubectl apply -k deployment/kustomize/base/