Request by domain name between services return 404

I got a namespace with istio(1.6.8) auto-injection enabled, App-A and App-B are both in this namespace, App-A send post request to App-B to register itself, by using domain name “register.a.com”. This domain name point to App-B’s serivce ClusterIP(in my case is “10.79.229.193”) through kubernetes “hostAliases”. App-A always get 404 after sending request.

In App-A’s pod, trying to send a post request to “register.a.com” using curl return 404, but by replacing this domain name with “10.79.229.193”, it’s all good.

It does has “Gateway” and “VirtualService” configuration, but those are for traffic from outside into the mesh, right?

Dose traffic between services in mesh naturally allowed? or I should configure about it?

And I’m working on ServiceEntry, but it didn’t work, I know ServiceEntry mostly use for “external service” that we’d like to manage by istio, but how to achieve this?
2020-11-17_173118

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
name: oa-register
spec:
hosts:
- register.a.com
ports:
- number: 8761
name: oa-register
protocol: HTTP
location: MESH_INTERNAL
resolution: STATIC
endpoints:
- address: 10.79.229.193

Dose anyone know how to figure this out?

Does anyone has a clue?

Dose anyone know how to solve this?

Gateway and VirtualService configs are not just for outside traffic btw

Can you post the Gateway and Virtual service. In this case i dont believe you need a Gateway entry. A simple Virtual service with the host you describe should be sufficient.

Thank for the correction.

Actually it doesn’t has a relevent VirtualService configuration, I’ve checked VirtualService using case in istio’s doc, but couldn’t find one that possible solve this, so there is no configuration about "register.a.com” at the moment.

So you mean VirtualService should be configured in this situation, could you give me an example?

Anyway, I put that non-relevent configuration below if that can help.

Can anyone give some help?

The question you are asking is somewhat confusing. if you would like to make a call to an application running an istio sidecar, you have to create a virtual service for that hostname you would like to use register.a.com and map that virtual service to your service entry.

Hello nick, I’ve tried creating VirtualService and ServiceEntry, by following istio’s doc, but still get 404, here is the configuration

I don’t know if it has anything wrong about this configuration, could you help me figure this out?

Thank you.

you might have to debug further. i would suggest the steps listed here https://www.tetrate.io/blog/debugging-your-istio-networking-configuration/

Thank you, Nick.

I may misleading this when I say “I don’t know if it has anything wrong”, actually I don’t know what is the regular configuration in this kind of scene, and I tried to Google it but still got no luck.

I’ve tried the debug list in order, istioctl analyze is good, all resources are in the same namespace, Istiod log shows no WANRING and ERROR, what I can’t make sure is istioctl proxy-config's result, I don’t quite understand it.
But I find this from APP-A’s istio-proxy container log:

[2020-12-17T09:57:12.128Z] GET /eureka/apps/delta HTTP/1.1 Java-EurekaClient/v1.9.2 - 404 route_not_found - -
[2020-12-17T09:57:12.131Z] GET /eureka/apps/ HTTP/1.1 Java-EurekaClient/v1.9.2 - 404 route_not_found - -
[2020-12-17T09:57:12.133Z] GET /eureka/apps/ HTTP/1.1 Java-EurekaClient/v1.9.2 - 404 route_not_found - -

So is still VirtualService misconfigure? or I miss some configuration that I didn’t even know it should be configured?

maybe start with the Istio bookinfo demo as it familiarizes you with some of the concepts https://istio.io/latest/docs/examples/bookinfo/

Hi Nick,

I’ll give some more research about istioctl proxy-config.

Talking about the doc, I read this doc before I open this case, also read each subject under the “Traffic Management”, and searched other pages for a hint, but none of them gives clue which could fit in this scene.

Did the 404 log mean anything?

i cannot tell you much more about the 404, are you sure the istio sidecar is resppoding with it or your application. I was suggesting you deploy the bookinfo demo because it is syntactically correct and routing should work. You should be able to test alongside your application and debug further.

The 404 error is from istio sidecar, which been intercepted by istio-proxy of APP-A.

Do you mean I should deploy my application in the bookinfo demo’s namespace, and then test my deployment?

I could try bookinfo demo, but I can’t come up with what is the different between “in the bookinfo demo’s namespace” and “in the current namespace”.

i would follow the bookinfo demo setup as is. once you get that working you should be able to understand the differences between it and your environment.