tencent cloud

Detect AI Fraud with Tencent eKYC！Intercept 99%+ Deepfake Attacks!

Tencent Cloud Mesh

Release Notes and Announcements

Announcements

Tencent Cloud Mesh Billing Notifications

Product Introduction

Purchase Guide

Billing Overview

Mesh Types and Quotas

Version Support Policies

Getting Started

Demo Application Deployment

Application Configuration

Configuring Public Network Access

Traffic Control

Multi-version Routing

Service HA

Fault Injection Testing

Service Timeout Configuration

Session Persistence

Connection Pool-based Concurrency Limiting

Multi-cluster Disaster Recovery and Multi-active

Cross-Cluster Disaster Recovery

Locality Load Balancing

Security Reinforcement

Operation Guide

Mesh Instance Management

Creating a Mesh

Upgrading a Mesh

Updating Mesh Configurations

Sidecar Injection and Configuration

Deleting a Mesh

Service Discovery Management

Automatic Service Discovery

Manual Service Registration

Gateway

Gateway Management

Gateway Configuration

Traffic Management

Using VirtualService to Configure Routing Rules

Using DestinationRule to Configure Service Versions and Traffic Policies

Observability

Monitoring Metrics

Security

Authentication Policy Configuration

Authorization Policy Configuration

Access Management

CAM Service Role Authorization

CAM Preset Policy Authorization

CAM Custom Policy Authorization

Extended Features

Using a Wasm Filter o Extend the Data Plane

FAQs

Permissions

How to Add Mesh Permissions to a Cluster

Cluster Management by Sub-account Fails

Pod Startup Fails Because the Envoy Sidecar Is Unready

Envoy Converts Headers to Lowercase

Headless Service-related FAQs

Istio-init Crashes

VirtualService Does Not Take Effect

Inappropriate VirtualService Route Matching Order

Failed to Access an Ingress Gateway from the Public Network

Parsing Fails After Smart DNS Is Enabled

Locality Load Balancing Does Not Take Effect

Sidecars Are Not Automatically Injected

Circuit Breaking Does Not Take Effect

Service Is Abnormal Due to a Retry Policy

Incomplete Call Tracing Information

TCM Policy

Data Processing And Security Agreement

DocumentationTencent Cloud MeshFAQsVirtualService Does Not Take Effect

VirtualService Does Not Take Effect

Last updated: 2023-12-26 15:27:25

VirtualService Does Not Take Effect

Last updated: 2023-12-26 15:27:25

In an environment with Istio enabled, VirtualService is defined in a cluster, but test results show that the defined rule does not take effect. This problem is usually caused by inappropriate configurations. This section lists common possible reasons.
Intra-Cluster Access: "mesh" Is Not Explicitly Specified in the gateways Field
If the gateways field is not specified for VirtualService, it actually implies that Istio will add a reserved gateway called "mesh" by default, which indicates all sidecars in the cluster. In other words, this VirtualService rule will take effect for intra-cluster access.
If the gateways field is specified, Istio will not add "mesh" by default. For example:
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: productpage
spec:
  gateways:
  - istio-test/test-gateway
  hosts:
  - bookinfo.example.com
  http:
  - route:
    - destination:
        host: productpage
        port:
          number: 9080
The preceding configurations indicate that the VirtualService rule will take effect only for the gateway istio-test/test-gateway. For intra-cluster access, the traffic will not pass through this gateway, so the rule will not take effect.
If you want the rule to take effect also for the intra-cluster access, explicitly specify "mesh" for gateways.
  gateways:
  - istio-test/test-gateway
  - mesh
The preceding configurations indicate that this VirtualService will take effect for both the gateway istio-test/test-gateway and the intra-cluster access.
The following is an explanation of this field in Istio Documentation:
﻿
Note that the intra-cluster access usually indicates the direct access to a service name. Therefore, names of services in the cluster to be accessed must be added in the hosts field.
hosts:
- bookinfo.example.com
- productpage
Access Through Ingress Gateway: Incorrect hosts Definition
For the access from an ingress gateway, you need to ensure that the hosts fields in Gateway and VirtualService both contain the actual host used for access or a host name that can be matched by using a wildcard, usually an external domain name.
As long as the hosts field in Gateway or VirtualService is not defined correctly, 404 Not Found will be returned. Correct configuration examples are as follows:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: test-gateway
  namespace: istio-test
spec:
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: HTTP-80-www
      protocol: HTTP
    hosts:
    - bookinfo.example.com # Define an external access domain name.
﻿
---
﻿
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: productpage
spec:
  gateways:
  - istio-test/test-gateway
  hosts:
  - bookinfo.example.com  # Define the external access domain name.
  http:
  - route:
    - destination:
        host: productpage
        port:
          number: 9080

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

No

Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 available.

7x24 Phone Support

Hong Kong, China

+852 800 906 020 (Toll Free)

United States

+1 844 606 0804 (Toll Free)

United Kingdom

+44 808 196 4551 (Toll Free)

Canada

+1 888 605 7930 (Toll Free)

Australia

+61 1300 986 386 (Toll Free)

EdgeOne hotline

+852 300 80699

More local hotlines coming soon