Services generated by fissile make Istio malfunction

[giner]

When Istio is in use on a Kubenrnetes cluster, port names of all Services have to follow the naming convention required by Istio. This is also true when the components generated by fissile are not using Istio themselves. While this can be considered a design flaw and might be fixed in future we have to deal with it somehow in the meanwhile.

Here are a couple of things that could be done to mitigate the issue:

• Add networking.istio.io/exportTo= . annotation to the Services generated by fissile which are not supposed to be accessed through Istio - helps to work around https://github.com/istio/istio/issues/9784 and https://github.com/istio/istio/issues/14520
• Rename ports to comply with the naming conventions required by Istio https://istio.io/docs/setup/kubernetes/additional-setup/requirements keeping in mind that a certain port number must have the same name prefix over the whole cluster unless the service is scoped to a single namespace by networking.istio.io/exportTo= ., e.g. for port 443 the name must always start from https - helps with https://github.com/istio/istio/issues/14520

cc: @iandyh @viovanov

Update:

• I looks like I'm mixing two problems here (https://github.com/istio/istio/issues/9784 and https://github.com/istio/istio/issues/14520) though it's fine as they are similar in a way they affect the rest of the cluster and the approaches towards solving the issues are likely to be connected

[zhanggbj]

Another problem related to the port definition is some role in scf have conflict port number with Istio component, which should be avoided. https://istio.io/docs/setup/kubernetes/additional-setup/requirements/#ports-used-by-istio

For e.g.,

• cc-uploader

      ports:
      - name: cc-up-listen
        protocol: TCP
        internal: 9091
      - name: cc-up-dbg
        protocol: TCP
        internal: 17018

Which is conflicting with Istio Mixer

9090	HTTP	Prometheus	Prometheus

9091	HTTP	Mixer	Policy/Telemetry

[giner]

@zhanggbj, exportTo should help to avoid the conflict as I understand it now.