Example using the code in https://github.com/primeroz/istio-on-kind
following instructions in https://github.com/primeroz/istio-on-kind/blob/main/TEST-IST0101.md
ENV=customdns ./kind.sh create
kubectl get node
NAME                  STATUS   ROLES    AGE   VERSION
istio-control-plane   Ready    master   60s   v1.16.15
istio-worker          Ready    <none>   35s   v1.16.15
istio-worker2         Ready    <none>   28s   v1.16.15
kubectl get cm -n kube-system kubeadm-config -o json | jq '.data."ClusterConfiguration"' -r
apiServer:
  certSANs:
  - localhost
  - 0.0.0.0
  extraArgs:
    authorization-mode: Node,RBAC
    runtime-config: ""
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: istio
controlPlaneEndpoint: istio-control-plane:6443
controllerManager:
  extraArgs:
    enable-hostpath-provisioner: "true"
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.16.15
networking:
  dnsDomain: cluster1.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/16
scheduler: {}
kubectl get cm -n kube-system kubeadm-config -o json | jq '.data."ClusterConfiguration"' -r | yq '.networking.dnsDomain'
"cluster1.local"
ENV=customdns ./setup-simple.sh
kubectl apply -f podinfo/podinfo.yaml
kubectl wait -n dev deployment --all --for=condition=available --timeout=180s
kubectl get -n istio-system istiooperator standard -o yaml
...
  meshConfig:
    accessLogFile: /dev/stdout
    connectTimeout: 5s
    defaultConfig:
      sds:
        enabled: true
      tracing:
        zipkin:
          address: zipkin.istio-system:9411
    enableTracing: false
    ingressClass: istio
    trustDomain: cluster1.local
  profile: default
  values:
    global:
      istiod:
        enableAnalysis: true
      proxy:
        clusterDomain: cluster1.local
      tracer:
        zipkin:
          address: zipkin.istio-system:9411
      trustDomain: cluster1.local
    pilot:
      env:
        PILOT_ENABLE_EDS_FOR_HEADLESS_SERVICES: false
        PILOT_ENABLE_HEADLESS_SERVICE_POD_LISTENERS: true
        PILOT_ENABLE_STATUS: true
status:
  componentStatus:
    Base:
      status: HEALTHY
    EgressGateways:
      status: HEALTHY
    IngressGateways:
      status: HEALTHY
    Pilot:
      status: HEALTHY
istioctl version
client version: 1.8.3
control plane version: 1.8.3
data plane version: 1.8.3 (14 proxies)
istioctl proxy-status
NAME                                                 CDS       LDS       EDS       RDS         ISTIOD                   VERSION
backend-v1-68757d49c5-2mz49.dev                      SYNCED    SYNCED    SYNCED    SYNCED      istiod-8dd598d8-5r9pm    1.8.3
backend-v2-56465bb684-p7bkr.dev                      SYNCED    SYNCED    SYNCED    SYNCED      istiod-8dd598d8-5r9pm    1.8.3
cache-fbccb8b4d-cwhg9.dev                            SYNCED    SYNCED    SYNCED    SYNCED      istiod-8dd598d8-s6jrr    1.8.3
details-v1-5974b67c8-zcslb.istio-demo                SYNCED    SYNCED    SYNCED    SYNCED      istiod-8dd598d8-5r9pm    1.8.3
frontend-85ddd86dff-z5qt6.dev                        SYNCED    SYNCED    SYNCED    SYNCED      istiod-8dd598d8-5r9pm    1.8.3
istio-ingressgateway-7c7cf94589-hl8rr.istio-system   SYNCED    SYNCED    SYNCED    NOT SENT    istiod-8dd598d8-5r9pm    1.8.3
productpage-v1-64794f5db4-8hs7t.istio-demo           SYNCED    SYNCED    SYNCED    SYNCED      istiod-8dd598d8-s6jrr    1.8.3
public-egress-d74475d8b-5w9h5.istio-system           SYNCED    SYNCED    SYNCED    NOT SENT    istiod-8dd598d8-s6jrr    1.8.3
public-ingress-696bb456f5-9w6pb.istio-system         SYNCED    SYNCED    SYNCED    SYNCED      istiod-8dd598d8-5r9pm    1.8.3
public-ingress-696bb456f5-fld9p.istio-system         SYNCED    SYNCED    SYNCED    SYNCED      istiod-8dd598d8-s6jrr    1.8.3
ratings-v1-c6cdf8d98-tv592.istio-demo                SYNCED    SYNCED    SYNCED    SYNCED      istiod-8dd598d8-s6jrr    1.8.3
reviews-v1-7f6558b974-mjkmh.istio-demo               SYNCED    SYNCED    SYNCED    SYNCED      istiod-8dd598d8-s6jrr    1.8.3
reviews-v2-6cb6ccd848-bdlzx.istio-demo               SYNCED    SYNCED    SYNCED    SYNCED      istiod-8dd598d8-5r9pm    1.8.3
reviews-v3-cc56b578-745xw.istio-demo                 SYNCED    SYNCED    SYNCED    SYNCED      istiod-8dd598d8-5r9pm    1.8.3
istioctl analyze -A
Info [IST0102] (Namespace default) The namespace is not enabled for Istio injection. Run 'kubectl label namespace default istio-injection=enabled' to enable it, or 'kubectl label namespace default istio-injection=disabled' to explicitly mark it as not needing injection.
Info [IST0102] (Namespace istio-system) The namespace is not enabled for Istio injection. Run 'kubectl label namespace istio-system istio-injection=enabled' to enable it, or 'kubectl label namespace istio-system istio-injection=disabled' to explicitly mark it as not needing injection.
Info [IST0118] (Service grafana.istio-system) Port name service (port: 3000, targetPort: 3000) doesn't follow the naming convention of Istio port.
Info [IST0118] (Service jaeger-collector.istio-system) Port name jaeger-collector-grpc (port: 14250, targetPort: 14250) doesn't follow the naming convention of Istio port.
Info [IST0118] (Service jaeger-collector.istio-system) Port name jaeger-collector-http (port: 14268, targetPort: 14268) doesn't follow the naming convention of Istio port.
cat test-vs-IST0101/VS.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: backend-in-istio-demo
  namespace: istio-demo
spec:
  hosts:
  - backend.dev.svc
  http:
  - match:
    - port: 9898
    route:
    - destination:
        host: backend.dev.svc
        port:
          number: 9898
kubectl apply -f test-vs-IST0101/VS.yaml
Check we are getting the expected error since the service name is not fully qualified
istioctl analyze -A | grep Error
Error: Analyzers found issues when analyzing all namespaces.
See https://istio.io/v1.8/docs/reference/config/analysis for more information about causes and resolutions.
Error [IST0101] (VirtualService backend-in-istio-demo.istio-demo) Referenced host not found: "backend.dev.svc"
source env-customdns.sh
CLUSTER_DNS_DOMAIN="$CLUSTER_DNS_DOMAIN" envsubst < test-vs-IST0101/VS-fqdn.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: backend-in-istio-demo
  namespace: istio-demo
spec:
  hosts:
  - backend.dev.svc.cluster1.local
  http:
  - match:
    - port: 9898
    route:
    - destination:
        host: backend.dev.svc.cluster1.local
        port:
          number: 9898
CLUSTER_DNS_DOMAIN="$CLUSTER_DNS_DOMAIN" envsubst < test-vs-IST0101/VS-fqdn.yaml | kubectl apply -f -
Confirm we are still getting the error even with a fully qualified name "backend.dev.svc.cluster1.local"
istioctl analyze -A | grep Error
Error: Analyzers found issues when analyzing all namespaces.
See https://istio.io/v1.8/docs/reference/config/analysis for more information about causes and resolutions.
Error [IST0101] (VirtualService backend-in-istio-demo.istio-demo) Referenced host not found: "backend.dev.svc.cluster1.local"
Apply a more complex VirtualService with a fully qualified name for the service in the different namespace, so we can confirm the configuration propagates to the Envoy proxy
CLUSTER_DNS_DOMAIN="$CLUSTER_DNS_DOMAIN" envsubst < test-vs-IST0101/VS-fqdn-split.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: backend-in-istio-demo
  namespace: istio-demo
spec:
  hosts:
  - backend.dev.svc.cluster1.local
  http:
  - match:
    - port: 9898
    route:
    - destination:
        host: backend.dev.svc.cluster1.local
        port:
          number: 9898
      weight: 70
    - destination:
        host: backend.dev.svc.cluster1.local
        port:
          number: 9898
      weight: 30
POD=$(istioctl proxy-status | grep productpage | awk '{print $1}')
istioctl proxy-config route $POD --name 9898 -o json
[
{
"name": "9898",
"virtualHosts": [
{
"name": "allow_any",
"domains": [
"*"
],
"routes": [
{
"name": "allow_any",
"match": {
"prefix": "/"
},
"route": {
"cluster": "PassthroughCluster",
"timeout": "0s",
"maxStreamDuration": {
"maxStreamDuration": "0s"
}
}
}
],
"includeRequestAttemptCount": true
},
{
"name": "backend.dev.svc.cluster1.local:9898",
"domains": [
"backend.dev.svc.cluster1.local",
"backend.dev.svc.cluster1.local:9898",
"backend.dev",
"backend.dev:9898",
"backend.dev.svc.cluster1",
"backend.dev.svc.cluster1:9898",
"backend.dev.svc",
"backend.dev.svc:9898",
"10.96.78.60",
"10.96.78.60:9898"
],
"routes": [
{
"match": {
"prefix": "/",
"caseSensitive": true
},
"route": {
"cluster": "outbound|9898||backend.dev.svc.cluster1.local",
"timeout": "0s",
"retryPolicy": {
"retryOn": "connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes",
"numRetries": 2,
"retryHostPredicate": [
{
"name": "envoy.retry_host_predicates.previous_hosts"
}
],
"hostSelectionRetryMaxAttempts": "5",
"retriableStatusCodes": [
503
]
},
"maxStreamDuration": {
"maxStreamDuration": "0s"
}
},
"metadata": {
"filterMetadata": {
"istio": {
"config": "/apis/networking.istio.io/v1alpha3/namespaces/istio-demo/virtual-service/backend-in-istio-demo"
}
}
},
"decorator": {
"operation": "backend.dev.svc.cluster1.local:9898/*"
}
}
],
"includeRequestAttemptCount": true
}
],
"validateClusters": false
}
]
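Added example, not part of the original report or of the istio-on-kind repository: a way to automate the comparison made by hand above, pairing each IST0101 finding from istioctl analyze with the routes Envoy actually holds for that VirtualService (identified through the filterMetadata.istio.config path in the route dump). The function names are hypothetical, and the sample inputs are constructed by trimming the outputs shown above.

```python
import json
import re

# Constructed samples, trimmed from the analyzer and proxy-config output above.
ANALYZE_OUTPUT = (
    'Error [IST0101] (VirtualService backend-in-istio-demo.istio-demo) '
    'Referenced host not found: "backend.dev.svc.cluster1.local"\n'
    'Info [IST0102] (Namespace default) The namespace is not enabled for Istio injection.\n')
VS_CONFIG = ("/apis/networking.istio.io/v1alpha3/namespaces/istio-demo"
             "/virtual-service/backend-in-istio-demo")
ROUTE_DUMP = json.dumps([{"name": "9898", "virtualHosts": [
    {"name": "allow_any", "domains": ["*"],
     "routes": [{"name": "allow_any", "route": {"cluster": "PassthroughCluster"}}]},
    {"name": "backend.dev.svc.cluster1.local:9898",
     "domains": ["backend.dev.svc.cluster1.local", "backend.dev.svc", "10.96.78.60"],
     "routes": [{"route": {"cluster": "outbound|9898||backend.dev.svc.cluster1.local"},
                 "metadata": {"filterMetadata": {"istio": {"config": VS_CONFIG}}}}]},
]}])

# "name.namespace" as printed by istioctl analyze; a namespace cannot contain dots.
IST0101 = re.compile(
    r'^Error \[IST0101\] \(VirtualService (?P<name>\S+)\.(?P<ns>[^.)\s]+)\) '
    r'Referenced host not found: "(?P<host>[^"]+)"', re.M)

def programmed_routes(route_dump, ns, name, host):
    """Clusters of Envoy routes generated from VirtualService ns/name for host."""
    suffix = f"/namespaces/{ns}/virtual-service/{name}"
    clusters = []
    for rc in json.loads(route_dump):
        for vh in rc.get("virtualHosts", []):
            if host not in vh.get("domains", []):
                continue
            for r in vh.get("routes", []):
                cfg = (r.get("metadata", {}).get("filterMetadata", {})
                       .get("istio", {}).get("config", ""))
                if cfg.endswith(suffix):
                    action = r.get("route", {})
                    weighted = action.get("weightedClusters", {}).get("clusters", [])
                    clusters += [c["name"] for c in weighted] or [action.get("cluster")]
    return clusters

def cross_check(analyze_output, route_dump):
    """Pair each IST0101 finding with the routes Envoy holds for that host."""
    return [(m["name"], m["ns"], m["host"],
             programmed_routes(route_dump, m["ns"], m["name"], m["host"]))
            for m in IST0101.finditer(analyze_output)]

if __name__ == "__main__":
    for name, ns, host, clusters in cross_check(ANALYZE_OUTPUT, ROUTE_DUMP):
        print(f"{ns}/{name} host={host} envoy_clusters={clusters or 'none'}")
```

A finding that comes back with a non-empty cluster list is one the analyzer flags even though the sidecar has the route programmed, which is the situation this reproduction shows.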