Istio envoy is dropping requests with Host header
The above issue is the only one that's even remotely similar to my issue. However, the Host in my header is service-b.myns.svc.cluster.local and I don't see why that should be a problem.
I've got a namespace with many Deployments and Services. And for each Service I've also defined a VirtualService. Example:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
labels:
app: service-b
name: service-b
namespace: myns
spec:
gateways:
- myns.myns.svc.cluster.local
hosts:
- '*'
http:
- match:
- uri:
prefix: /.well-known
- uri:
prefix: /robots.txt
- uri:
prefix: /apple-app-site-association
- uri:
prefix: /favicon.ico
- uri:
prefix: /content/
route:
- destination:
host: service-b.myns.svc.cluster.local
port:
number: 80I have another service, call it service-a that should be able to retrieve /.well-known, robots.txt, /content/header, /content/footer etc. I'm assuming that, because I've defined a route for these paths to lead directly to service-b, they should be retrievable by service-a. However, the logs say this:
[2019-02-22T01:07:54.557Z] "GET /content/headerHTTP/1.1" 404 NR 0 0 0 - "-" "curl/7.52.1" "789b3b81-9f61-43c3-b01a-b66d35c1d635" "service-b" "-" - - 10.x.x.x:80 10.y.y.y:47526Per the Envoy docs, NR means no route. Have I not defined a route in my VirtualService?
I can get a 200 response for each of those paths if I just plug them in to the URL bar in my browser (ie. <istio-ingressgateway-ip-address>/robots.txt). Why?
I've narrowed down the issue to the istio proxy on the pod for service-a. I did this by removing the istio-proxy sidecars one at a time. There are two cases in which I get successfull 200s from service-a:
[SVCA][ISTIOPROXY] ---> X [ISTIOPROXY][SVCB] # Does not work
[SVCA][ISTIOPROXY] ---> X [SVCB] # Does not work
[SVCA] ---> ✓ [SVCB] # Does work
[SVCA] ---> ✓ [ISTIOPROXY][SVCB] # Does work