Malformed Egress Rule prevents all from working #4262
Description
Scenario
When a malformed Egress Rule is applied, Pilot stops handling all Egress Rules, instead of skipping the bad rule.
apiVersion: config.istio.io/v1alpha2
kind: EgressRule
metadata:
name: httpbin-egress-rule
spec:
destination:
service: httpbin.org
ports:
- port: 80
protocol: http
---
kind: EgressRule
metadata:
name: wikipedia-range1
spec:
destination:
# note "service:" is missing on the following line
91.198.174.192/27
ports:
- port: 443
protocol: tcpExpected
It was expected that Pilot would skip only Egress Rules it can't process.
$ curl -s localhost:8080/v1/routes/80/httpbin/sidecar~10.36.188.228~httpbin-6ddd7d47cb-bwrqv.default~default.svc.cluster.local
{
"virtual_hosts": [
{
"name": "httpbin.org:80",
"domains": [
"httpbin.org",
"httpbin.org:80"
],
"routes": [
{
"prefix": "/",
"cluster": "out.httpbin.org|external-HTTP-80",
"timeout_ms": 0,
"decorator": {
"operation": "default-route"
}
}
]
}
]
}
Actual
Pilot stops serving returning Egress Rules entirely.
$ curl -s localhost:8080/v1/routes/80/httpbin/sidecar~10.36.188.228~httpbin-6ddd7d47cb-bwrqv.default~default.svc.cluster.local
{
"virtual_hosts": []
}