Service Entry parsing error

Problem representation

Create Service Entry

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: gitlab-huoys
spec:
  hosts:
  - gitlab-huoys
  location: MESH_INTERNAL
  ports:
  - name: https
    number: 5500
    protocol: TCP
  resolution: STATIC
  endpoints:
  - address: 8.8.8.8

The istio-pilot log shows the following errors:
parseHostname(gitlab-huoys) => error missing service name and namespace from the service hostname "gitlab-huoys"

Solution

It is normal to change it to the following:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: gitlab-huoys
spec:
  hosts:
  - git.service-entry.com
  location: MESH_INTERNAL
  ports:
  - name: https
    number: 5500
    protocol: TCP
  resolution: STATIC
  endpoints:
  - address: 8.8.8.8

It should be judgement logic if the host does not take. As a host name resolution causes problems, specific need to see the code.

Istio-ingress gateway namespace isolation

Problem phenomenon

Istio-ingress gateway written on official documents is not allowed to be used across namespaces, but it can be used in practice (the new version is supported, but not recommended)

REQUIRED: One or more labels used to select the specific gateway workload to which this configuration should be applied. It is recommended that the Gateway resource reside in the same namespace as the gateway workload. This may become a requirement in the future.

Solution

Istio-ingress gateway can be used across namespaces
The istio-ingress gateway is in namespace A, but creating a Gateway in namespace B can take effect normally. Gateway is defined as follows

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gitlab
  namespace: B
spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - test.com
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      mode: PASSTHROUGH