ConsistentHash persistence not working between east-west traffic between services in the cluster

Within the cluster I have two services, frontend and backend. Backend is a Socketio instance and has a virtualservice in the “mesh” gateway and a destination rule that looks like this:

kind: DestinationRule
  name: backend
  namespace: prod
        httpHeaderName: Sec-WebSocket-Version
      app: backend

I have also used istioctl x describe pod "$(kubectl get pod -l app=backend -o jsonpath='{.items[0]}')" to verify that the virtualservice and destinationrule are applying to the correct pods.

The frontend needs to make multiple http (instead of ws://) calls to the backend but needs to hit the same backend instance for each group of requests. Perhaps Sec-WebSocket-Version isn’t the best header to match on but I wanted to try the easiest one to get a proof of concept with. I have also tried useSourceIP, and the cookie strategy described in Istio setup for - #3 by skalinets.

I turned on Envoy logging to confirm %REQ(Sec-WebSocket-Version)% is set to the same value for all requests. Despite this, I often see the requests hitting multiple pods. How do I resolve this issue?


I was able to resolve this by both removing my workloadSelector and fixing the global.proxy.includeIPRanges in my istio config.