Setting LB Locality but start getting 503

Istio version: 1.8
mtls: permissive

I’m trying to set up a destination rule for locality LB:

 apiVersion: networking.istio.io/v1alpha3
 kind: DestinationRule
 metadata:
   name: test-locality-based-distribution
   labels:
     app: gateway
     chart: gateway-0.1.0
     release: gateway
     heritage: Helm
 spec:
   exportTo:
   - '*'
   host: '*.svc.cluster.local'
   trafficPolicy:
     loadBalancer:
       localityLbSetting:
         distribute:
         - from: europe-west1/europe-west1-b/*
           to:
             europe-west1/europe-west1-b/*: 90
             europe-west1/europe-west1-c/*: 10
         - from: europe-west1/europe-west1-c/*
           to:
             europe-west1/europe-west1-b/*: 10
             europe-west1/europe-west1-c/*: 90
         enabled: true

It is applied to the ‘istio-system’ namespace. As the rule gets propagated, I start getting 503s. Istio-proxy logs:

[2021-03-25T14:21:21.375Z] "- - -" 0 UH "-" 0 0 0 - "-" "-" "-" "-" "-" - - 10.34.0.1:443 10.33.43.17:36162 - -

The target that is not available when the destination rule is set is kubernetes.default.svc. I tried adding trafficPolicy.tls.mode but that did not help at all. I tried SIMPLE/ISTIO_MUTUAL but, as said, it is not working.

I was looking into these to figure out how to set this up and what could be wrong:

But still no clue what I’m missing. Any pointers, suggestions?

thanks, robert

Update:

After changing the above configuration to:

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: test-locality-based-distribution
  namespace: istio-system
spec:
  host: '*.platform.svc.cluster.local'
  trafficPolicy:
    loadBalancer:
      localityLbSetting:
        distribute:
        - from: europe-west1/europe-west1-b
          to:
            europe-west1/europe-west1-b: 99
            europe-west1/europe-west1-c: 1
        - from: europe-west1/europe-west1-c
          to:
            europe-west1/europe-west1-b: 1
            europe-west1/europe-west1-c: 99
        enabled: true
    outlierDetection:
      baseEjectionTime: 1m
      consecutive5xxErrors: 100
      interval: 1s

So, I’m having an issue accessing kubernetes.default.svc.cluster.local in GCP. As it is a headless Service, when the host is set as ‘*.svc.cluster.local’ it disappears from the istio-proxy endpoints (istioctl pc endpoints). I assume that the reason is that there are no pods behind this Service, just the Endpoint. So, when the DR is applied, calls are going to the Service IP instead of to the Endpoint IP.
Without the DR all is fine. Are there any docs that describe this scenario: a headless Service and DestinationRule?

So, if there are no pods, locality rules cannot be applied, and one needs to be specific about which services the DR can be applied to?
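
An added example, not part of the original post: a small Python check that lists which service FQDNs a DestinationRule `host` pattern covers, and verifies that each `distribute` rule's weights sum to 100 as the Istio API reference asks. The matcher is a simplified model of Istio's leading-`*` wildcard hosts, and the two `platform` service names are hypothetical; only `kubernetes.default.svc.cluster.local`, the host patterns and the weights come from the post.

```python
# Added example: scope and weight check for a locality DestinationRule.
# Simplified model of Istio wildcard hosts: a leading "*" matches any prefix.

def host_matches(pattern: str, fqdn: str) -> bool:
    """Return True if an Istio-style host pattern covers the given FQDN."""
    pattern, fqdn = pattern.lower(), fqdn.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*"):
        suffix = pattern[1:]
        # The wildcard must stand for at least one character.
        return fqdn.endswith(suffix) and len(fqdn) > len(suffix)
    return pattern == fqdn


def covered_services(pattern, services):
    """List the services that a DestinationRule with this host applies to."""
    return [s for s in services if host_matches(pattern, s)]


def check_distribute(distribute):
    """Return one message per rule whose 'to' weights do not sum to 100."""
    problems = []
    for rule in distribute:
        total = sum(rule["to"].values())
        if total != 100:
            problems.append(f"{rule['from']}: weights sum to {total}, expected 100")
    return problems


# Constructed service inventory; only the first name appears in the post.
SERVICES = [
    "kubernetes.default.svc.cluster.local",
    "gateway.platform.svc.cluster.local",  # hypothetical
    "orders.platform.svc.cluster.local",   # hypothetical
]

# The distribute section from the updated DestinationRule in the post.
DISTRIBUTE = [
    {"from": "europe-west1/europe-west1-b",
     "to": {"europe-west1/europe-west1-b": 99, "europe-west1/europe-west1-c": 1}},
    {"from": "europe-west1/europe-west1-c",
     "to": {"europe-west1/europe-west1-b": 1, "europe-west1/europe-west1-c": 99}},
]

if __name__ == "__main__":
    for pattern in ("*.svc.cluster.local", "*.platform.svc.cluster.local"):
        print(pattern, "->", covered_services(pattern, SERVICES))
    print(check_distribute(DISTRIBUTE) or "distribute weights OK")
```

Run against a real inventory (for example the FQDNs of every Service in the cluster), this shows before applying a rule whether a wildcard host also pulls in control-plane services such as the API server.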