tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Tencent Cloud Mesh
    Documentation
    Download PDF

    VirtualService Does Not Take Effect

    Last updated: 2023-12-26 15:27:25
    Download PDF
      In an environment with Istio enabled, VirtualService is defined in a cluster, but test results show that the defined rule does not take effect. This problem is usually caused by inappropriate configurations. This section lists common possible reasons.

      Intra-Cluster Access: "mesh" Is Not Explicitly Specified in the gateways Field

      If the gateways field is not specified for VirtualService, it actually implies that Istio will add a reserved gateway called "mesh" by default, which indicates all sidecars in the cluster. In other words, this VirtualService rule will take effect for intra-cluster access.
      If the gateways field is specified, Istio will not add "mesh" by default. For example:
      apiVersion: networking.istio.io/v1beta1
      kind: VirtualService
      metadata:
        name: productpage
      spec:
        gateways:
        - istio-test/test-gateway
        hosts:
        - bookinfo.example.com
        http:
        - route:
          - destination:
              host: productpage
              port:
                number: 9080
      The preceding configurations indicate that the VirtualService rule will take effect only for the gateway istio-test/test-gateway. For intra-cluster access, the traffic will not pass through this gateway, so the rule will not take effect.
      If you want the rule to take effect also for the intra-cluster access, explicitly specify "mesh" for gateways.
        gateways:
        - istio-test/test-gateway
        - mesh
      The preceding configurations indicate that this VirtualService will take effect for both the gateway istio-test/test-gateway and the intra-cluster access.
      The following is an explanation of this field in Istio Documentation:
      img
      
      Note that the intra-cluster access usually indicates the direct access to a service name. Therefore, names of services in the cluster to be accessed must be added in the hosts field.
      hosts:
      - bookinfo.example.com
      - productpage

      Access Through Ingress Gateway: Incorrect hosts Definition

      For the access from an ingress gateway, you need to ensure that the hosts fields in Gateway and VirtualService both contain the actual host used for access or a host name that can be matched by using a wildcard, usually an external domain name.
      As long as the hosts field in Gateway or VirtualService is not defined correctly, 404 Not Found will be returned. Correct configuration examples are as follows:
      apiVersion: networking.istio.io/v1alpha3
      kind: Gateway
      metadata:
        name: test-gateway
        namespace: istio-test
      spec:
        selector:
          app: istio-ingressgateway
          istio: ingressgateway
        servers:
        - port:
            number: 80
            name: HTTP-80-www
            protocol: HTTP
          hosts:
          - bookinfo.example.com # Define an external access domain name.
      
      ---
      
      apiVersion: networking.istio.io/v1beta1
      kind: VirtualService
      metadata:
        name: productpage
      spec:
        gateways:
        - istio-test/test-gateway
        hosts:
        - bookinfo.example.com  # Define the external access domain name.
        http:
        - route:
          - destination:
              host: productpage
              port:
                number: 9080
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy