404 status when curl from pod where istio injection is enabled and works fine in non istio namespace

sgoogal · December 3, 2019, 8:34am

We have an issue where if we try to curl to an external endpoint(internal to our organization) from pod where istio-proxy container is present, we are getting 404, though nslookup provides the correct output.
But from another pod in the same kubernetes cluster(different namespace where istio injection is not enabled) where istio-proxy container is not present, the same curl request work fine with 200 status.

Note : We have enabled global outbound traffic to ALLOW_ANY and curl request to other external endpoints like google.com and http://facebook.com work fine

we dont want to use serviceEntry since we enabled global outbound traffic to ALLOW_ANY

scenusa · December 3, 2019, 9:19am

Does the external endpoint ip match any ip from within the kubernetes cluster?

sgoogal · December 3, 2019, 12:31pm

@scenusa Thanks for your response, I will check that but the thing is when i perform the same curl request using IP instead of fqdn, it works fine, i get the desired output.

sgoogal · December 3, 2019, 12:33pm

@scenusa
curl -d “username=abcd&password=def” http://fqdn/efz/v5/abc —> i am getting 404

curl -d “username=abcd&password=def” http://IP-Address/efz/v5/abc ----> i am getting 200 status with desired result

scenusa · December 4, 2019, 10:48pm

Oh, I see… I’ve asked you that because it once happened to me due to an ip collision. Which istio version are you running?