Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validations - Ensure ServiceEntry has WorkloadEntry addresses #4339

Closed
nrfox opened this issue Sep 8, 2021 · 0 comments · Fixed by #4489
Closed

Validations - Ensure ServiceEntry has WorkloadEntry addresses #4339

nrfox opened this issue Sep 8, 2021 · 0 comments · Fixed by #4489
Assignees
@xeviknal
Labels
backlog Triaged Issue added to backlog enhancement This is the preferred way to describe new end-to-end features.
Projects
Sprint 65 (v1.43)

Comments

@nrfox
Copy link
Contributor

nrfox commented Sep 8, 2021

Validate that internal ServiceEntry objects contain addresses that match the WorkloadEntry objects that they select.

Given the following ServiceEntry and WorkloadEntry

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: ratings
spec:
  addresses:
    - ratings.internal.cloud
  hosts:
    - ratings
  location: MESH_INTERNAL
  resolution: STATIC
  ports:
    - number: 9080
      name: http
      protocol: HTTP
      targetPort: 9080
  workloadSelector:
    labels:
      app: ratings

apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
  name: ratings-v1
spec:
  serviceAccount: ratings-vm
  address: ratings.internal.cloud
  labels:
    app: ratings
    version: v1
  ports:
    http: 9080

Kiali validations should ensure that for every WorkloadEntry object selected by the ServiceEntry.workloadSelector field, the ServiceEntry.addresses field has an entry that matches the WorkloadEntry.address field. Without this, Istio does not create an upstream cluster in the envoy config for the workload and traffic will be routed to the PassthroughCluster even if it makes it to the app successfully.
@nrfox nrfox added enhancement This is the preferred way to describe new end-to-end features. area/envoy labels Sep 8, 2021
@lucasponce lucasponce added the backlog Triaged Issue added to backlog label Sep 10, 2021
@xeviknal xeviknal self-assigned this Oct 11, 2021
@lucasponce lucasponce added this to Backlog in Sprint 65 (v1.43) via automation Oct 25, 2021
@xeviknal xeviknal moved this from Backlog to In Progress in Sprint 65 (v1.43) Nov 8, 2021
@xeviknal xeviknal mentioned this issue Nov 9, 2021
Merged
Sprint 65 (v1.43) automation moved this from In Progress to Done Nov 10, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xeviknal xeviknal

Labels
backlog Triaged Issue added to backlog enhancement This is the preferred way to describe new end-to-end features.
Projects
No open projects
Sprint 65 (v1.43)
  
Done
Milestone
No milestone
3 participants
@xeviknal @lucasponce @nrfox