-
Bug
-
Resolution: Done
-
Major
-
None
-
None
-
None
Step to reproduce
1. Deploy simple SMCP
cat <<EOF | oc apply -f -
apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
name: basic
namespace: istio-system
spec:
profiles:
- default
version: v2.0
EOF
2. Add default namespace into SMMR
cat <<EOF | oc apply -f - apiVersion: maistra.io/v1 kind: ServiceMeshMemberRoll metadata: name: default namespace: istio-system spec: members: - default EOF
3. Create Service
cat <<EOF | oc apply -f -
apiVersion: v1
kind: Service
metadata:
name: hello
namespace: default
spec:
externalName: hello.example.com
ports:
- name: http2
port: 80
protocol: TCP
targetPort: 80
sessionAffinity: None
type: ExternalName
EOF
4. Create VirtualService with host duplicated with above service
cat <<EOF | oc apply -f - apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: hello-mesh namespace: default spec: gateways: - mesh hosts: - hello.default http: - route: - destination: host: some-host port: number: 80 EOF
5. istiod produces the duplicated error.
$ oc -n istio-system logs istiod-basic-6bfb8c9bb4-sv66l -f ... 2021-04-26T08:58:55.379684Z warn ads ADS:RDS: ACK ERROR sidecar~10.129.2.90~networking-istio-6ff595b57c-zgtmb.knative-serving~knative-serving.svc.cluster.local-23 Internal:Only unique values for domains are permitted. Duplicate entry of domain hello.default
Once it happens, other mesh's traffic routing stops working.
Additional Info
Upstream Istio (I tested 1.10-alpha) does not hit this issue.
This issue probably is fixed by https://github.com/istio/istio/pull/24455 ?
Version
$ oc get pod -n openshift-operators istio-operator-f7d5ccc5d-wxvp4 -o yaml |grep image: image: registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:8ee5f6926150d401e1f62ac8a4861af3261186dce6c94b7e70738dc55454d534 $ oc get deploy -n istio-system istiod-basic -o yaml |grep image: image: registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:4163a9d3a9e85d9033b1b6038acfd75af08c7082d87afb3766ba8b4fbe454883
- blocks
-
SRVKS-715 Encryption of in-cluster traffic with Service Mesh
- Closed
- links to