Within the cluster I have two services, frontend and backend. Backend is a Socketio instance and has a virtualservice in the “mesh” gateway and a destination rule that looks like this:
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: backend
namespace: prod
spec:
host: backend.prod.svc.cluster.local
trafficPolicy:
loadBalancer:
consistentHash:
httpHeaderName: Sec-WebSocket-Version
workloadSelector:
matchLabels:
app: backend
I have also used istioctl x describe pod "$(kubectl get pod -l app=backend -o jsonpath='{.items[0].metadata.name}')" to verify that the virtualservice and destinationrule are applying to the correct pods.
The frontend needs to make multiple http (instead of ws://) calls to the backend but needs to hit the same backend instance for each group of requests. Perhaps Sec-WebSocket-Version isn’t the best header to match on but I wanted to try the easiest one to get a proof of concept with. I have also tried useSourceIP, and the cookie strategy described in Istio setup for socket.io - #3 by skalinets.
I turned on Envoy logging to confirm %REQ(Sec-WebSocket-Version)% is set to the same value for all requests. Despite this, I often see the requests hitting multiple pods. How do I resolve this issue?
Thanks