Istio envoy is dropping requests with Host header
以上问题是唯一与我的问题非常相似的问题。但是,标题中的主机是service-b.myns.svc.cluster.local,我不明白为什么这应该是一个问题。
我有一个包含许多Deployment和Service的命名空间。对于每个Service,我还定义了一个VirtualService。示例:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
labels:
app: service-b
name: service-b
namespace: myns
spec:
gateways:
- myns.myns.svc.cluster.local
hosts:
- '*'
http:
- match:
- uri:
prefix: /.well-known
- uri:
prefix: /robots.txt
- uri:
prefix: /apple-app-site-association
- uri:
prefix: /favicon.ico
- uri:
prefix: /content/
route:
- destination:
host: service-b.myns.svc.cluster.local
port:
number: 80
我还有另一项服务,称为service-a,该服务应该能够检索/.well-known,robots.txt,/content/header,/content/footer等。我假设那是因为我已经定义了这些路径直接通向service-b的路线,所以service-a应该可以检索它们。但是,日志说:
[2019-02-22T01:07:54.557Z] "GET /content/headerHTTP/1.1" 404 NR 0 0 0 - "-" "curl/7.52.1" "789b3b81-9f61-43c3-b01a-b66d35c1d635" "service-b" "-" - - 10.x.x.x:80 10.y.y.y:47526
对于Envoy docs,NR表示没有路由。我没有在VirtualService中定义路线吗?
如果我将每个路径插入浏览器中的URL栏(即200),我都可以得到<istio-ingressgateway-ip-address>/robots.txt响应。为什么?
我已将问题缩小到service-a的pod上的istio代理。我是通过一次拆下istio-proxy边车来做到这一点的。在两种情况下,我可以从200成功获得service-a:
[SVCA][ISTIOPROXY] ---> X [ISTIOPROXY][SVCB] # Does not work
[SVCA][ISTIOPROXY] ---> X [SVCB] # Does not work
[SVCA] ---> ✓ [SVCB] # Does work
[SVCA] ---> ✓ [ISTIOPROXY][SVCB] # Does work
答案 0 :(得分:1)
您没有配置默认路由。
默认路由示例:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
labels:
app: service-b
name: service-b
namespace: myns
spec:
gateways:
- myns.myns.svc.cluster.local
hosts:
- '*'
http:
- match:
- uri:
prefix: /.well-known
- uri:
prefix: /robots.txt
- uri:
prefix: /apple-app-site-association
- uri:
prefix: /favicon.ico
- uri:
prefix: /content/
route:
- destination:
host: service-a.myns.svc.cluster.local
port:
number: 80
- route:
- destination:
host: service-b.myns.svc.cluster.local
port:
number: 80