Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-4809

Routing to external service with ServiceEntry does not work for fake IP

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Minor Minor
    • None
    • OSSM 2.4.0
    • Maistra
    • False
    • None
    • False

      How to reproduce:
      1. Create ServiceEntry:

      kind: ServiceEntry
metadata: 
  name: external-service
spec: 
  exportTo: '.'
  hosts: 
  - fake.external.com
  location: MESH_EXTERNAL
  resolution: DNS
  endpoints: 
  - address: external.default.svc.cluster.local
  ports: 
  - name: https
    number: 443
    protocol: HTTPS

      2. Execute request using fake IP and specify Host header:

      curl -H "Host: fake.external.com" https://1.1.1.1:443

      The request above should succeed, but it fails.

      I figured out this issue when I was rebasing federation, so it seems that federation somehow affects service registry. I reproduced this issue in maistra/istio 2.4 (I didn't try 2.3 and 2.2), and therefore I didn't try to fix it, because it's an existing bug.

      I believe we will not need to fix it, because it wasn't reported by customers so far and it does not seem to be important use case.

              Unassigned Unassigned
              jewertow@redhat.com Jacek Ewertowski
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: