I am very new to istio, so I am still not very clearly about what scenario virtual service is targeting. I am using it with Gateway to config the routing rule and it works as expected.
My problem is, when i want to access a k8s internal service, such as I have a internal service call ServiceA without any sub version. so I have several container A deployed, and using label to select those pod for serviceA, which is just pure k8s way (but already inject by istio on A pod).
When there is another pod (already inject by istio), who want to access the serviceA, such as by “serviceA.namespaceA”. Should I just call the dns name directly without deploy any istio object. Or I should deploy a virtual service, and give a serviceA to serviceA routing? I am just confusing here, whether virtual service is a must have istio object I need to deploy? Or it is optional for internal service access?
You do not need a VirtualService to access serviceA.namespaceA. Everything should the same as before.
You only need to create a VirtualService for an existing K8s Service if you wish to do additional things such as version-specific routing.
1 Like
Thanks very much for sharing those 
I have similar issue, where when I request a frontend service using virtual service via i’ts ingress gateway and it just works fine, but if my frontend service requires a backend service to access with in the same istio-enabled namespace with it’s internal fqdn, it gives 404 error and because of that envoy proxy gives me 500 internal server error. I believe by default internal services should be accessible by their internal fqdn (indeed they are, when I access them using fqdn internally from my frontend pod). is this happening due to some headers are not being forwarded?
Well 404 means that the URL endpoint does not exist. Are you sure that the URL is correct?