When istio ServiceEntry with resolution "DNS" update istio's routing map? #50792
-
|
I'm struggling with configuring Istio service mesh, especially domain resolving which are accessible by only internal services. My question is, when does a ServiceEntry with the resolution field set to "DNS" resolve the hosts field values and apply them to the Istio routing table? For example, when does the "mine.ops.hm-net" domain get resolved as "mine-ops-service"? apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: internal-service-entry
spec:
hosts:
- "mine.ops.hm-net"
ports:
- name: http
number: 80
protocol: HTTP
location: MESH_INTERNAL
resolution: DNS
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: mine-ops-vs
namespace: mine-ops
spec:
hosts:
- mine.ops.hm-net
gateways:
- mesh
http:
- route:
- destination:
host: mine-ops-service
port:
number: 80Possible scenarios I can imagine are:
I'm curious about this because a ServiceEntry with a wildcard host (such as *.ops.hm-net) fails to resolve. It would make sense if the ServiceEntry updates the Istio routing table only when it's registered (first scenario) because there's no way to know the endpoint address with *.opt.hm-net. I've read Istio's official DNS proxying and ServiceEntry docs several times, but there's no mention of my question. Thank you for reading! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
DNS is done asynchronously (and continuously, when TTL expires) when the SE is created |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for answer! So you mean "first scenario" is the answer? |
Beta Was this translation helpful? Give feedback.
-
|
Yes, but it also happens continuously even if the SE doesn't change |
Beta Was this translation helpful? Give feedback.
-
|
Thank you :) You save my day. |
Beta Was this translation helpful? Give feedback.
Yes, but it also happens continuously even if the SE doesn't change