Unable to call knative GCP Cloud Run service from another Kubernetes service running in the same cluster

Question

I have GKE kubernetes cluster with Cloud Run for Anthos enabled (also running Anthos Service Mesh with Istio) on it which allows me to host GCP Cloud run container services along with other Kubernetes services in the same cluster.

I am trying to access the Auth Service (running on Knative Cloud Run for Anthos) which is in the same namespace from Webapi service (running as Kubernetes Service) but its unable to resolve the auth-service. I had assumed that it would be able to call the actual service via the external name provisioned by Cloud Run/knative but that doesn't seem to work. And I'm invoking the service in my code via the name on default port.

I am new to the Kubernetes/Istio/Knative world and don't quite understand DNS resolution within this space and so any insights on this would very helpful.

>> kubectl describe svc web-api -n backend
Name:              web-api
Namespace:         backend
Labels:            app=web-api
                   service=web-api
Annotations:       cloud.google.com/neg: {"ingress":true}
Selector:          service=web-api
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.64.5.37
IPs:               10.64.5.37
Port:              http  51080/TCP
TargetPort:        80/TCP
Endpoints:         10.60.0.243:80
Session Affinity:  None
Events:            <none>

>> kubectl describe svc auth-service -n backend
Name:              auth-service
Namespace:         backend
Labels:            serving.knative.dev/route=auth-service
               serving.knative.dev/service=auth-service
Annotations:       client.knative.dev/user-image:
                 gcr.io/project/team-
app/auth@sha256:7be19cee11b277dd241fd386d4bb83a94d7ab2ed9c9
               cloud.google.com/neg: {"ingress":true}
               run.googleapis.com/client-name: cloud-console
               serving.knative.dev/creator: [email protected]
               serving.knative.dev/lastModifier: [email protected]
Selector:          <none>
Type:              ExternalName
IP Families:       <none>
IP:                
IPs:               <none>
External Name:     knative-local-gateway.istio-system.svc.cluster.local
Port:              http2  80/TCP
TargetPort:        80/TCP
Endpoints:         <none>
Session Affinity:  None
Events:            <none>

Answer 1

It worked by referencing fullhostname http://auth-service.backend.svc.cluster.local in my code appsettings.json file instead of only the external service name which I previously assumed should be sufficient.

Answer 2

You probably want to look at the Knative Service for a URL, rather than at the Kubernetes Service.

If you run kubectl describe ksvc -n backend or even kubectl get ksvc -n backend, you should get a URL you can use to reach the Knative Service. (Yes, having two different things named "Service" is confusing. Yes, it's too late to change it.)