Istio 遇到的问题汇总

最新推荐文章于 2025-10-09 15:52:18 发布

原创最新推荐文章于 2025-10-09 15:52:18 发布 · 3.8k 阅读

1 ·

CC 4.0 BY-SA版权

kubernetes 同时被 3 个专栏收录

30 篇文章

订阅专栏

k8s

12 篇文章

订阅专栏

micro

5 篇文章

订阅专栏

ServiceEntry 解析错误

问题表现

创建 ServiceEntry

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: gitlab-huoys
spec:
  hosts:
  - gitlab-huoys
  location: MESH_INTERNAL
  ports:
  - name: https
    number: 5500
    protocol: TCP
  resolution: STATIC
  endpoints:
  - address: 8.8.8.8

istio-pilot 日志显示错误如下：
parseHostname(gitlab-huoys) => error missing service name and namespace from the service hostname "gitlab-huoys"

解决方案

将其改为如下内容后正常：

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: gitlab-huoys
spec:
  hosts:
  - git.service-entry.com
  location: MESH_INTERNAL
  ports:
  - name: https
    number: 5500
    protocol: TCP
  resolution: STATIC
  endpoints:
  - address: 8.8.8.8

应该是判断逻辑中如果host 没有带 . 就当作主机名解析导致出问题，具体需要看代码。

istio-ingressgateway 命名空间隔离

问题现象

官网文档上写 istio-ingressgateway 不可跨命名空间使用，但实际可以夸命名空间使用 (新版本已经写明支持，但不建议)

REQUIRED: One or more labels used to select the specific gateway workload to which this configuration should be applied. It is recommended that the Gateway resource reside in the same namespace as the gateway workload. This may become a requirement in the future.

解决方案

istio-ingressgateway 可以跨命名空间使用
istio-ingressgateway 在命名空间A, 但在命名空间B 创建 Gateway 可以正常生效，Gateway 定义如下

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gitlab
  namespace: B
spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - test.com
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      mode: PASSTHROUGH