istio: Envoy not resolving host defined in serviceentry

Bug Description

Hi there,

I am trying to use serviceentry to define a hostname “alias” that pods can refer to in place of the FQDN of an internal kubernetes service. However, even though

  1. the service registry seems to successfully register the serviceentry, and
  2. the envoy proxy for the client pod is synced with istiod

the client pod fails to reach the target pods via the serviceentry hostname.

ServiceEntry

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: alias-entry
  namespace: ns1
spec:
  hosts:
  - alias
  location: MESH_INTERNAL
  ports:
  - number: 80
    name: http
    protocol: HTTP
  resolution: STATIC
  workloadSelector:
    labels:
      app: app1

Where the pods in this internal service have label of app: app1 and are deployed in namespace ns1

From a pod in the mesh in a different namespace in the same cluster, attempting to reach the pods in the internal service:

# curl -v http://alias
* Could not resolve host: alias
* Closing connection 0
curl: (6) Could not resolve host: alias

Wondering if I’m missing something here, or if there’s a fallacy in my assumptions? Thanks!

Version

$ istioctl version
client version: 1.13.2
control plane version: 1.11.3
data plane version: 1.11.3 (34 proxies)

Additional Information

No response

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 18 (3 by maintainers)

Most upvoted comments

Hey @rm250750 still haven’t been able to get even the sample service entry in the istio dns proxying guide to work. I reached out in the Slack channel but haven’t heard anything either. Will post here if I get any leads.

+4
dyu-bot on May 10, 2022
Read more comments on GitHub
← istio: "Envoy may have been out of memory killed. Check memory usage and limits."
istio: Envoy proxy is NOT ready: config not received from Pilot when deploying shared control plane →