istio: TCP routing rules are ignored

@mydoal commented on Thu May 10 2018

Bug: Y

What Version of Istio and Kubernetes are you using, where did you get Istio from, Installation details

istioctl version
Version: release-0.8-20180504-17-20
GitRevision: 1ec141e7b9a735c6bcc2b4fae29c6924bc94c49b
User: root@20f3450616f6
Hub: gcr.io/istio-release
GolangVersion: go1.10.1
BuildStatus: Clean

kubectl version
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.5", GitCommit:"f01a2bf98249a4db383560443a59bed0c13575df", GitTreeState:"clean", BuildDate:"2018-03-19T15:59:24Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.3", GitCommit:"d2835416544f298c919e2ead3be3d0864b52323b", GitTreeState:"clean", BuildDate:"2018-02-07T11:55:20Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:

Is Istio Auth enabled or not?

Installed from: https://gcsweb.istio.io/gcs/istio-prerelease/daily-build/release-0.8-20180504-17-20/

What happened:

TCP Routing rules are ignored. Services in the mesh that use “service-mongodb” on port 80 keep reaching that service instead of being forwarded to port 27018 as defined in the routing rules.

What you expected to happen: Services in the mesh that use “service-mongodb” should be routed to port 27018.

How to reproduce it:

service-mongodb is defined in a YAML file:

apiVersion: v1
kind: Service
metadata:
  name: service-mongodb
  labels:
    app: service-mongodb
spec:
  selector:
    app: service-mongodb
  ports:
  - port: 80
    targetPort: 27017
    name: mongo
    protocol: TCP

and deployed to kubernetes using:

kubectl apply -f <(istioctl kube-inject --debug -f mongodb.yaml)

TCP Routing Rules

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: service-mongodb-route
spec:
  hosts:
  - service-mongodb
  tcp:
  - match:
    - port: 80
      sourceSubnet: "0.0.0.0/0"
    route:
    - destination:
        host: service-mongodb
        port:
          number: 27018
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: service-mongodb-destination
spec:
  host: service-mongodb

Feature Request: Y/N

Describe the feature:


@mydoal commented on Wed May 16 2018

bump… Does someone have any insight on this?

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 16 (4 by maintainers)

Most upvoted comments

@jlcrow, Hi. Have you managed to solve the TCP routing problem?

I ended up using different ports externally that target the same targetPort across individual service endpoints. TCP traffic doesn’t pass headers so you don’t have a host header available. I also found on GCP there’s a limit of 5 ports per load balancer, which isn’t obvious at first.

k8s: 1.16.13 istio: 1.8.1

Routing by host seems broken for TCP traffic. I’ve tried this on 1.7.4 and 1.8.1 and ran into the same issue. I have multiple hostnames that resolve to a single IP address and was trying to route by host in my virtual services to different destinations on the same port. I’ve done similar in several places using HTTP protocols without any trouble. However, all traffic is routed through the first applied virtual service, despite the specified hosts field. It didn’t matter what domain I accessed the service on, as long as it resolved to the IP of the internal gateway on port 26257. If I accessed the service with product.myinternaldomain.com or delivery.myinternaldomain.com, I would always receive a connection to the database at the product destination.

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: product-cockroach
  namespace: product
spec:
  hosts:
  - product.myinternaldomain.com
  gateways:
    - istio-system/istio-ingressgateway
  tcp:
  - match:
    - port: 26257
    route:
    - destination:
        host: product-cockroach.product.svc.cluster.local
        port:
          number: 26257
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: delivery-cockroach
  namespace: delivery
spec:
  hosts:
  - delivery.myinternaldomain.com
  gateways:
    - istio-system/istio-ingressgateway
  tcp:
  - match:
    - port: 26257
    route:
    - destination:
        host: delivery-cockroach.delivery.svc.cluster.local
        port:
          number: 26257

Did this issue ever get resolved? I’m using istio 1.5 with the following config and the hosts option is being completely ignored for me:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: vms-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 1935
        name: rtmp
        protocol: TCP
      hosts:
        - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: vms-rtmp
spec:
  hosts:
    - subdomain1.test.local
  gateways:
    - vms-gateway
  tcp:
    - route:
        - destination:
            host: nginx-rtmp-server
            port:
              number: 1935
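
The collision reported in the last two comments (several plain-TCP VirtualServices on one gateway port, told apart only by `hosts`) can be caught before deployment. The following check is an added example, not part of the original thread or of Istio: it flags gateway-bound TCP routes that share a gateway and port but point at different destinations, so clients of one backend cannot silently land on another. The function names are hypothetical, the manifests are given as already-parsed dicts, and the `reports-pg` entry is constructed for contrast.

```python
from collections import defaultdict

def tcp_bindings(vs):
    """Yield (gateway, port, destination) for each gateway-bound tcp route."""
    ns = vs["metadata"].get("namespace", "default")
    spec = vs["spec"]
    for rule in spec.get("tcp", []):
        # A rule without a match block applies to any port: recorded as "*".
        ports = [m.get("port", "*") for m in (rule.get("match") or [{}])]
        for r in rule["route"]:
            d = r["destination"]
            dest = f'{d["host"]}:{d.get("port", {}).get("number", "?")}'
            for gw in spec.get("gateways", []):
                if gw == "mesh":          # sidecar routing is out of scope here
                    continue
                gw = gw if "/" in gw else f"{ns}/{gw}"
                for p in ports:
                    yield gw, p, dest

def find_tcp_host_collisions(virtual_services):
    """Return {(gateway, port): [(vs, hosts, dest), ...]} for listeners whose
    TCP routes differ only by the hosts field."""
    by_listener = defaultdict(list)
    for vs in virtual_services:
        meta = vs["metadata"]
        name = f'{meta.get("namespace", "default")}/{meta["name"]}'
        for gw, port, dest in tcp_bindings(vs):
            by_listener[(gw, port)].append((name, tuple(vs["spec"]["hosts"]), dest))
    return {k: v for k, v in by_listener.items()
            if len({dest for _, _, dest in v}) > 1}

def make_vs(name, ns, host, dest, port):
    """Build a parsed VirtualService dict shaped like the ones in the thread."""
    route = [{"destination": {"host": dest, "port": {"number": port}}}]
    return {"metadata": {"name": name, "namespace": ns},
            "spec": {"hosts": [host],
                     "gateways": ["istio-system/istio-ingressgateway"],
                     "tcp": [{"match": [{"port": port}], "route": route}]}}

SAMPLE = [  # first two mirror the thread's manifests; the third is constructed
    make_vs("product-cockroach", "product", "product.myinternaldomain.com",
            "product-cockroach.product.svc.cluster.local", 26257),
    make_vs("delivery-cockroach", "delivery", "delivery.myinternaldomain.com",
            "delivery-cockroach.delivery.svc.cluster.local", 26257),
    make_vs("reports-pg", "reports", "reports.myinternaldomain.com",
            "reports-pg.reports.svc.cluster.local", 5432),
]

if __name__ == "__main__":
    for (gw, port), entries in find_tcp_host_collisions(SAMPLE).items():
        print(f"{gw} port {port}: hosts cannot separate these plain-TCP routes")
        for name, hosts, dest in entries:
            print(f"  {name} hosts={list(hosts)} -> {dest}")
```

Each flagged listener needs its own port per backend, which is the workaround described in the thread.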