Not sure if this is the right place but I asked on CNCF’s Istio Slack channel and got no responses so maybe it would make more sense to put it here.
I am trying to debug an access error I can see in Kiali and I am sort of stuck.
The error is “DestinationWeight on route doesn’t have a valid service (host not found)”
and the spec part of VirtualService it points at looks like this:
spec:
hosts:
- argocd.private.dev
gateways:
- argocd-private-gateway
tls:
- match:
- sniHosts:
- argocd.private.dev
port: 443
route:
- destination:
host: argocd-server.argocd.svc.cluster.local
port:
number: 443
As described here Validation | Kiali this should mean that fqdn “argocd-server.argocd.svc.cluster.local” is not reachable or does not exist, but I can ping it from a pod created in a different namespace than the one it is in and it resolves fine - additionally if I make the service as nodeport I can get to it fine (so it works fine) and I am not sure why Istio cannot resolve/get to it?
Istio 1.17 installed via helm chart.
Has anyone encountered this problem? Any hints where I can look for clues?
To add a bit more of context, I’ve tried with kubectl sniff and can see that traffic gets to the istio-ingress but nothing gets past it to the service/pod and it returns
HTTP/1.1 503 Service Unavailable
server: istio-envoy