istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pkg/config/analysis/analyzers/testdata/virtualservice_destinationhosts.yaml

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pkg/config/analysis/analyzers/testdata/virtualservice_destinationhosts.yaml (about)

     1  apiVersion: v1
     2  kind: Service
     3  metadata:
     4    name: reviews
     5    namespace: default
     6  spec:
     7    ports:
     8    - port: 42
     9      name: tcp-test
    10      protocol: TCP
    11  ---
    12  apiVersion: v1
    13  kind: Service
    14  metadata:
    15    name: reviews-2port
    16    namespace: default
    17  spec:
    18    ports:
    19    - port: 80
    20      name: http-test
    21      protocol: HTTP
    22    - port: 443
    23      name: https-test
    24      protocol: HTTPS
    25  ---
    26  apiVersion: networking.istio.io/v1alpha3
    27  kind: ServiceEntry
    28  metadata:
    29    name: external-reviews
    30    namespace: default
    31  spec:
    32    hosts:
    33    - external-reviews.org
    34  ---
    35  apiVersion: networking.istio.io/v1alpha3
    36  kind: ServiceEntry
    37  metadata:
    38    name: eu-wildcard
    39    namespace: default
    40  spec:
    41    hosts:
    42    - "*.eu.bookinfo.com"
    43  ---
    44  apiVersion: networking.istio.io/v1alpha3
    45  kind: ServiceEntry
    46  metadata:
    47    name: service-entry-ignore
    48    namespace: default-ignore
    49  spec:
    50    exportTo:
    51      - "."
    52    hosts:
    53    - "*" # This ServiceEntry should not match any instance as it isn't exported to other namespaces
    54  ---
    55  apiVersion: networking.istio.io/v1alpha3
    56  kind: ServiceEntry
    57  metadata:
    58    name: service-entry-other
    59    namespace: other
    60  spec:
    61    exportTo:
    62      - "."
    63    hosts:
    64    - "other.bookinfo.com" # This ServiceEntry should not match any instance as it isn't exported to other namespaces
    65  ---
    66  apiVersion: networking.istio.io/v1alpha3
    67  kind: ServiceEntry
    68  metadata:
    69    name: service-entry-exported
    70    namespace: other
    71  spec:
    72    exportTo:
    73      - "default"
    74    hosts:
    75    - "abc.bookinfo.com" # This ServiceEntry matches a destination host in a virtualService in another namespace
    76  ---
    77  apiVersion: networking.istio.io/v1alpha3
    78  kind: VirtualService
    79  metadata:
    80    name: reviews
    81    namespace: default
    82  spec:
    83    http:
    84    - route:
    85      - destination:  # This virtualservice has no validation errors (base case)
    86          host: reviews
    87          subset: v1
    88  ---
    89  apiVersion: networking.istio.io/v1alpha3
    90  kind: VirtualService
    91  metadata:
    92    name: reviews-bogushost
    93    namespace: default
    94  spec:
    95    http:
    96    - route:
    97      - destination:
    98          host: reviews-bogus # This host does not exist, should result in a validation error
    99          subset: v1
   100  ---
   101  apiVersion: networking.istio.io/v1alpha3
   102  kind: VirtualService
   103  metadata:
   104    name: reviews-fqdn
   105    namespace: default
   106  spec:
   107    http:
   108    - route:
   109      - destination:
   110          host: reviews.default.svc.cluster.local # FQDN representation is valid and should not generate an error
   111          subset: v1
   112  ---
   113  apiVersion: networking.istio.io/v1alpha3
   114  kind: VirtualService
   115  metadata:
   116    name: reviews-external
   117    namespace: default
   118  spec:
   119    http:
   120    - route:
   121      - destination:
   122          host: external-reviews.org  # Referring to a ServiceEntry host is valid and should not generate an error
   123                                      # Since this is an "external" service, subset is omitted
   124  ---
   125  apiVersion: networking.istio.io/v1alpha3
   126  kind: VirtualService
   127  metadata:
   128    name: reviews-bookinfo-eu
   129    namespace: default
   130  spec:
   131    http:
   132    - route:
   133      - destination:
   134          host: reviews.eu.bookinfo.com # This should match the eu-wildcard service entry and not generate an error
   135  ---
   136  apiVersion: networking.istio.io/v1alpha3
   137  kind: VirtualService
   138  metadata:
   139    name: reviews-bookinfo-eu-wildcard
   140    namespace: default
   141  spec:
   142    http:
   143    - route:
   144      - destination:
   145          host: "*.eu.bookinfo.com" # Should match *.eu.bookinfo.com
   146  ---
   147  apiVersion: networking.istio.io/v1alpha3
   148  kind: VirtualService
   149  metadata:
   150    name: reviews-bookinfo-other
   151    namespace: default
   152  spec:
   153    http:
   154    - route:
   155      - destination:
   156          host: other.bookinfo.com # Should generate validation error, the SE is in another namespace
   157  ---
   158  apiVersion: networking.istio.io/v1alpha3
   159  kind: VirtualService
   160  metadata:
   161    name: reviews-mirror
   162    namespace: default
   163  spec:
   164    http:
   165    - route:
   166      - destination:
   167          host: reviews
   168          subset: v1
   169      mirror: # Includes mirroring, but should not generate any errors
   170        host: reviews
   171        subset: v1
   172  ---
   173  apiVersion: networking.istio.io/v1alpha3
   174  kind: VirtualService
   175  metadata:
   176    name: reviews-mirror-bogushost
   177    namespace: default
   178  spec:
   179    http:
   180    - route:
   181      - destination:
   182          host: reviews
   183          subset: v1
   184      mirror:
   185        host: reviews-bogus # This host does not exist, should result in a validation error
   186        subset: v1
   187  ---
   188  apiVersion: networking.istio.io/v1alpha3
   189  kind: VirtualService
   190  metadata:
   191    name: reviews-bogusport
   192    namespace: default
   193  spec:
   194    http:
   195    - route:
   196      - destination:
   197          host: reviews
   198          subset: v1
   199          port:
   200            number: 999 # No match for this port number, should generate an error
   201  ---
   202  apiVersion: networking.istio.io/v1alpha3
   203  kind: VirtualService
   204  metadata:
   205    name: reviews-2port-missing
   206    namespace: default
   207  spec:
   208    http:
   209    - route:
   210      - destination:  # Since reviews-2port exposes multiple ports, not including a port in the destination is an error
   211          host: reviews-2port
   212          subset: v1
   213  ---
   214  apiVersion: networking.istio.io/v1alpha3
   215  kind: VirtualService
   216  metadata:
   217    name: reviews-2port-present
   218    namespace: default
   219  spec:
   220    http:
   221    - route:
   222      - destination:
   223          host: reviews-2port
   224          subset: v1
   225          port:
   226            number: 80 # Should not generate an error since we specify a valid port, as required in this case
   227  ---
   228  apiVersion: networking.istio.io/v1alpha3
   229  kind: VirtualService
   230  metadata:
   231    # This VirtualService is in 'istio-system' and uses a FQDN destination
   232    name: cross-namespace
   233    namespace: istio-system
   234  spec:
   235    hosts: [reviews]
   236    http:
   237      - route:
   238          - destination:
   239              # Should not generate error because the this host exists, just not in our namespace
   240              host: reviews.default.svc.cluster.local
   241  ---
   242  apiVersion: v1
   243  kind: Service
   244  metadata:
   245    name: details
   246    namespace: default
   247    annotations:
   248      networking.istio.io/exportTo: banana
   249    labels:
   250      app: details
   251      service: details
   252  spec:
   253    ports:
   254    - port: 9080
   255      name: http
   256    selector:
   257      app: details
   258  ---
   259  apiVersion: networking.istio.io/v1alpha3
   260  kind: VirtualService
   261  metadata:
   262    # This VirtualService is in 'istio-system' and uses a FQDN destination, but this ns doesn't see that Service
   263    name: cross-namespace-details
   264    namespace: istio-system
   265  spec:
   266    hosts: [details]
   267    http:
   268      - route:
   269          - destination:
   270              # Should generate error, because details is only exported to "banana" ns
   271              host: details.default.svc.cluster.local
   272  ---
   273  apiVersion: networking.istio.io/v1alpha3
   274  kind: VirtualService
   275  metadata:
   276    # This is cross-namespace, but not a problem, details has explicit networking.istio.io/exportTo=banana
   277    name: banana-details
   278    namespace: banana
   279  spec:
   280    hosts: [details]
   281    http:
   282      - route:
   283          - destination:
   284              host: details.default.svc.cluster.local
   285  ---
   286  apiVersion: v1
   287  kind: Service
   288  metadata:
   289    name: hello
   290    namespace: hello
   291    annotations:
   292      networking.istio.io/exportTo: hello1,hello2,. # export to hello1, hello2 and the namespace itself belongs to
   293    labels:
   294      app: hello
   295      service: hello
   296  spec:
   297    ports:
   298      - port: 9080
   299        name: http
   300    selector:
   301      app: hello
   302  ---
   303  apiVersion: networking.istio.io/v1alpha3
   304  kind: VirtualService
   305  metadata:
   306    # This is cross-namespace, but not a problem, details has explicit networking.istio.io/exportTo=hello1,hello2,.
   307    name: hello
   308    namespace: hello1
   309  spec:
   310    hosts: [hello]
   311    http:
   312      - route:
   313          - destination:
   314              host: hello.hello.svc.cluster.local
   315  ---
   316  apiVersion: networking.istio.io/v1alpha3
   317  kind: VirtualService
   318  metadata:
   319    # This is cross-namespace, but not a problem, details has explicit networking.istio.io/exportTo=hello1,hello2,.
   320    name: hello
   321    namespace: hello2
   322  spec:
   323    hosts: [hello]
   324    http:
   325      - route:
   326          - destination:
   327              host: hello.hello.svc.cluster.local
   328  ---
   329  apiVersion: networking.istio.io/v1alpha3
   330  kind: VirtualService
   331  metadata:
   332    # This is cross-namespace, but not a problem, details has explicit networking.istio.io/exportTo=hello1,hello2,.
   333    name: hello
   334    namespace: hello
   335  spec:
   336    hosts: [hello]
   337    http:
   338      - route:
   339          - destination:
   340              host: hello.hello.svc.cluster.local
   341  ---
   342  apiVersion: networking.istio.io/v1alpha3
   343  kind: VirtualService
   344  metadata:
   345    name: hello-export-to-bogus
   346    namespace: hello
   347  spec:
   348    hosts: [hello]
   349    exportTo:
   350      - bogus # This should generate an error, because the exportTo
   351    http:
   352      - route:
   353          - destination:
   354              host: hello.hello.svc.cluster.local
   355  ---
   356  apiVersion: networking.istio.io/v1alpha3
   357  kind: VirtualService
   358  metadata:
   359    name: vs-to-extporto-serviceentry
   360    namespace: default
   361  spec:
   362    http:
   363    - route:
   364      - destination:  # This virtualservice has no validation errors
   365          host: abc.bookinfo.com # Host defined in an SE in another namespace, but exported to this namespace