Using istio, I want to create a virtual service to serve a virtual domain/host inside the cluster. So pods inside the cluster can request "http://internal.service.com/path" to reach certain destination services.
One way is to use make all "internal.service.com" host calls to go to istio-ingressgateway.istio-system, and let the gateway envoy handle the routing. But this loss the purpose of service MESH.
So, I'd like to create a virtual service, host=internal.service.com, gateway=mesh so the routing rules can be injected into all pod's sidecars, and the host+path can be accessible inside the pod.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: internal-service-vs
spec:
hosts:
- "internal.service.com"
gateways:
- mesh
http:
- match:
- uri:
prefix: /path
route:
- destination:
host: a-service.namespace.svc.cluster.local
port:
number: 5000
but inside the pod, when I request internal.service.com, it says the host's DNS cannot be resolved.
seems like virtual service is just creating a inbound routing rule, I thought it could work as an outbound rule.
so I need to request any service (with header Host: internal.service.com) to use the inbound routing rule.
but how to request to current pod's sidecar? I don't want to let the request to be outside the requesting pod, as that single target will take all the loads.
- acceptable request destinations are:
any-service.ns,any-service.ns.svc.cluster.local,service cluster ip - not acceptable request destinations I found:
pod ip(why?),127.0.0.1:15001(chatgpt told me it's the sidecar's HTTP inbound port)
