ServiceEntry 解析错误
问题表现
创建 ServiceEntry
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: gitlab-huoys
spec:
hosts:
- gitlab-huoys
location: MESH_INTERNAL
ports:
- name: https
number: 5500
protocol: TCP
resolution: STATIC
endpoints:
- address: 8.8.8.8
istio-pilot 日志显示错误如下:
parseHostname(gitlab-huoys) => error missing service name and namespace from the service hostname "gitlab-huoys"
解决方案
将其改为如下内容后正常:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: gitlab-huoys
spec:
hosts:
- git.service-entry.com
location: MESH_INTERNAL
ports:
- name: https
number: 5500
protocol: TCP
resolution: STATIC
endpoints:
- address: 8.8.8.8
应该是判断逻辑中如果host 没有带 . 就当作主机名解析导致出问题,具体需要看代码。
istio-ingressgateway 命名空间隔离
问题现象
官网文档上写 istio-ingressgateway 不可跨命名空间使用 ,但实际可以夸命名空间使用 (新版本已经写明支持,但不建议)
REQUIRED: One or more labels used to select the specific gateway workload to which this configuration should be applied. It is recommended that the Gateway resource reside in the same namespace as the gateway workload. This may become a requirement in the future.
解决方案
istio-ingressgateway 可以跨命名空间使用
istio-ingressgateway 在命名空间A, 但在命名空间B 创建 Gateway 可以正常生效,Gateway 定义如下
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: gitlab
namespace: B
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- test.com
port:
name: https
number: 443
protocol: HTTPS
tls:
mode: PASSTHROUGH
