Related issue
Istio envoy is dropping requests with Host header
The above issue is the only one that's even remotely similar to my issue. However, the Host in my header is service-b.myns.svc.cluster.local and I don't see why that should be a problem.
The situation
I've got a namespace with many Deployments and Services. And for each Service I've also defined a VirtualService. Example:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
labels:
app: service-b
name: service-b
namespace: myns
spec:
gateways:
- myns.myns.svc.cluster.local
hosts:
- '*'
http:
- match:
- uri:
prefix: /.well-known
- uri:
prefix: /robots.txt
- uri:
prefix: /apple-app-site-association
- uri:
prefix: /favicon.ico
- uri:
prefix: /content/
route:
- destination:
host: service-b.myns.svc.cluster.local
port:
number: 80
The problem
I have another service, call it service-a that should be able to retrieve /.well-known, robots.txt, /content/header, /content/footer etc. I'm assuming that, because I've defined a route for these paths to lead directly to service-b, they should be retrievable by service-a. However, the logs say this:
[2019-02-22T01:07:54.557Z] "GET /content/headerHTTP/1.1" 404 NR 0 0 0 - "-" "curl/7.52.1" "789b3b81-9f61-43c3-b01a-b66d35c1d635" "service-b" "-" - - 10.x.x.x:80 10.y.y.y:47526
Question #1
Per the Envoy docs, NR means no route. Have I not defined a route in my VirtualService?
Question #2
I can get a 200 response for each of those paths if I just plug them in to the URL bar in my browser (ie. <istio-ingressgateway-ip-address>/robots.txt). Why?
Some proggress
I've narrowed down the issue to the istio proxy on the pod for service-a. I did this by removing the istio-proxy sidecars one at a time. There are two cases in which I get successfull 200s from service-a:
[SVCA][ISTIOPROXY] ---> X [ISTIOPROXY][SVCB] # Does not work
[SVCA][ISTIOPROXY] ---> X [SVCB] # Does not work
[SVCA] ---> ✓ [SVCB] # Does work
[SVCA] ---> ✓ [ISTIOPROXY][SVCB] # Does work
