Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Gateways can't have dots in their name #13211

Closed
prune998 opened this issue Apr 10, 2019 · 3 comments

Comments

3 participants
@prune998
Copy link
Contributor

commented Apr 10, 2019

Describe the bug
When a gateway contains a dot (.) in it's name, no virtualservices can be attached to it.

Expected behavior
either :

  • we can use dots in gateway names
  • Galley should reject the creation of a gateway with a dot in the name

Steps to reproduce the bug
I'm using a simple hello-world image + service like :

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: hello
spec:
  template:
    metadata:
      annotations:
        sidecar.istio.io/inject: "false"
      labels:
        run: hello
    spec:
      containers:
      - image: gcr.io/google-samples/hello-app:1.0
        name: hello
        ports:
        - containerPort: 8080
          protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  labels:
    run: hello
  name: hello
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    run: hello
  sessionAffinity: None
  type: ClusterIP

Create a gateway manifest containing a dot in the name like :

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gw-hello.notworking
spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - www.external-url.com
    port:
      name: http-hello
      number: 80
      protocol: HTTP

Add a VirtualService that route from this gateway :

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: vs-hello
spec:
  gateways:
  - gw-hello.notworking
  hosts:
  - www.external-url.com
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: hello.default.svc.cluster.local
        port:
          number: 8080

You can check the listener created for the IngressGateway like :
istioctl proxy-config listeners -n istio-system istio-ingressgateway-5798d55d79-nhpfc --port 80 -o json
You should see a route from RDS named http.80
Then check the route :
istioctl proxy-config routes -n istio-system istio-ingressgateway-5798d55d79-nhpfc --name http.80 -o json

The resulting route is just the default blackhole on port 80.

When you change the gateway name and remove the dot, everything is fine :

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gw-hello
spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - www.external-url.com
    port:
      name: http-hello
      number: 80
      protocol: HTTP
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: vs-hello
spec:
  gateways:
  - gw-hello
  hosts:
  - www.external-url.com
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: hello.default.svc.cluster.local
        port:
          number: 8080

This is even more obvious with https, as the route names are concatenated like https.443.https-hello.gw-hello.default

Version

istioctl version --remote
client version: version.BuildInfo{Version:"1.1.2", GitRevision:"2b1331886076df103179e3da5dc9077fed59c989", User:"root", Host:"35adf5bb-5570-11e9-b00d-0a580a2c0205", GolangVersion:"go1.10.4", DockerHub:"docker.io/istio", BuildStatus:"Clean", GitTag:"1.1.1"}
citadel version: version.BuildInfo{Version:"1.1.2", GitRevision:"2b1331886076df103179e3da5dc9077fed59c989-dirty", User:"root", Host:"35adf5bb-5570-11e9-b00d-0a580a2c0205", GolangVersion:"go1.10.4", DockerHub:"docker.io/istio", BuildStatus:"Modified", GitTag:"1.1.1"}
egressgateway version: version.BuildInfo{Version:"bdda7cfcf5ba1397e6e0e2629d53114c9ea8fc14", GitRevision:"bdda7cfcf5ba1397e6e0e2629d53114c9ea8fc14", User:"mjog", Host:"devinstance.c.mixologist-142215.internal", GolangVersion:"go1.10.1", DockerHub:"docker.io/istio", BuildStatus:"Clean", GitTag:"1.1.0-snapshot.4-592-gbdda7cf"}
galley version: version.BuildInfo{Version:"1.1.2", GitRevision:"2b1331886076df103179e3da5dc9077fed59c989-dirty", User:"root", Host:"35adf5bb-5570-11e9-b00d-0a580a2c0205", GolangVersion:"go1.10.4", DockerHub:"docker.io/istio", BuildStatus:"Modified", GitTag:"1.1.1"}
ingressgateway version: version.BuildInfo{Version:"bdda7cfcf5ba1397e6e0e2629d53114c9ea8fc14", GitRevision:"bdda7cfcf5ba1397e6e0e2629d53114c9ea8fc14", User:"mjog", Host:"devinstance.c.mixologist-142215.internal", GolangVersion:"go1.10.1", DockerHub:"docker.io/istio", BuildStatus:"Clean", GitTag:"1.1.0-snapshot.4-592-gbdda7cf"}
pilot version: version.BuildInfo{Version:"1.1.2", GitRevision:"2b1331886076df103179e3da5dc9077fed59c989-dirty", User:"root", Host:"35adf5bb-5570-11e9-b00d-0a580a2c0205", GolangVersion:"go1.10.4", DockerHub:"docker.io/istio", BuildStatus:"Modified", GitTag:"1.1.1"}
policy version: version.BuildInfo{Version:"1.1.2", GitRevision:"2b1331886076df103179e3da5dc9077fed59c989-dirty", User:"root", Host:"35adf5bb-5570-11e9-b00d-0a580a2c0205", GolangVersion:"go1.10.4", DockerHub:"docker.io/istio", BuildStatus:"Modified", GitTag:"1.1.1"}
sidecar-injector version: version.BuildInfo{Version:"1.1.2", GitRevision:"2b1331886076df103179e3da5dc9077fed59c989-dirty", User:"root", Host:"35adf5bb-5570-11e9-b00d-0a580a2c0205", GolangVersion:"go1.10.4", DockerHub:"docker.io/istio", BuildStatus:"Modified", GitTag:"1.1.1"}
telemetry version: version.BuildInfo{Version:"1.1.2", GitRevision:"2b1331886076df103179e3da5dc9077fed59c989-dirty", User:"root", Host:"35adf5bb-5570-11e9-b00d-0a580a2c0205", GolangVersion:"go1.10.4", DockerHub:"docker.io/istio", BuildStatus:"Modified", GitTag:"1.1.1"}
kubectl version
Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.0", GitCommit:"641856db18352033a0d96dbc99153fa3b27298e5", GitTreeState:"clean", BuildDate:"2019-03-26T00:04:52Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.6", GitCommit:"ab91afd7062d4240e95e51ac00a18bd58fddd365", GitTreeState:"clean", BuildDate:"2019-02-26T12:49:28Z", GoVersion:"go1.10.8", Compiler:"gc", Platform:"linux/amd64"}

Installation
using helm template

Environment
hosted on Azure AKS

@rshriram

This comment has been minimized.

Copy link
Member

commented Apr 12, 2019

aren't kubernetes names supposed to be DNS1123 labels (no dots)? if gateway name has dots, then it is trouble. In Istio 1.0.x, we asked people to refer to cross namesapce gateawys as gatewayname.namesapce.svc.cluster.local.. But starting in 1.1, we are asking people to refer to gateways as namespace/name [consistent with the way we are referring to services in the Sidecar CRD object].

As a backward compatibility measure, we continue to parse the old format as well, but internally we convert it into namespace/name format. So I guess what happened here is that our simple minded parsing ( split(gatewayName, '.')[1]/split(gatewayName, '.')[0]) doesn't work.

So yes, we should add validation to ensure that the Gateway Object's name does not contain a dot.

@prune998

This comment has been minimized.

Copy link
Contributor Author

commented Apr 12, 2019

As far as I remember, I also tried to reference the gateway (in a VirtualService) as namespace/gateway, and it was rejected by Galley.

I switched the GW name to not use dots at all, and created my virtualService in the same namespace, using the plain GW name.

Still, this situation is under-documented and not enforced as needed.
Thanks for your answer @rshriram

@frankbu

This comment has been minimized.

Copy link
Contributor

commented Apr 16, 2019

Fixed by #13351

Doc also improved to mention namespace/ syntax: istio/api#901

@frankbu frankbu closed this Apr 16, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.