My setup:
Gateway:
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: mygateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - host-a.example.com
    tls:
      mode: SIMPLE
      credentialName: istio-ingressgateway-certs-tls
Virtualhost:
kind: VirtualService
metadata:
  name: myapp
spec:
  hosts:
  - host-a.example.com
  gateways:
  - my-istio-system/my-gateway
  http:
  - name: myapp
    match:
    - uri:
        prefix: /fancy
    route:
    - destination:
        host: myapp # must match service
        port:
          number: 80
Service Endpoints and Deployment of the application are implemented accordingly and are, imho, not relevant for this question, since the issue occurs at the Istio ingress gateway.
I have a second host/domain, host-b.example.com, with another pod which is right now not part of the mesh (see gateway definition).
The idea of the test is to make sure that requests to the domain (example.com) for either application, e.g. host-a within and host-b outside of the mesh, are properly routed.
My setup is running on OpenShift and I tested directly against the router pods and the external LB.
What I observe:
- HTTP response: 404 (from curl) when I access host-b
- Istio system ingress gateway logs: 404 NR route_not_found; for some reason Istio tries to route requests for host-b to host-a
What I expect:
- Requests for domain host-1.example.com are routed/forwarded via service mesh gateway to app (routerpod->ingressgateway->sidecar->app)
- Requests for domain host-2.example.com are routed/forwarded “directly” to app (routerpod->app)