I am implementing some routing logic for a set of internal services where a delegate VirtualService looks like a good solution:
https://istio.io/latest/docs/reference/config/networking/virtual-service/#Delegate
I created some test setup similar to the one in the documentation with only one difference. In my case, the "root" VirtualService bound to the "mesh" Gateway and the "host" is then some internal service name. Is this supposed to work or does delegation only work with non-mesh Gateways?
This is the root VirtualService (the idea is that all requests are sent to worker-pool.default.svc.cluster.local and depending on some HTTP headers they are then forwarded to other VirtualServices):
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: worker-pool
spec:
hosts:
- worker-pool.default.svc.cluster.local
http:
- name: "route 1"
match:
- headers:
customer-id:
exact: alice
delegate:
name: worker-for-alice
- name: "route 2"
match:
- headers:
customer-id:
exact: bob
delegate:
name: worker-for-bob
And here the other VirtualService (only showing one, both look the same):
apiVersion: v1
kind: Service
metadata:
name: worker-for-alice
labels:
app: worker-for-alice
service: worker-for-alice
spec:
...
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: worker-for-alice
spec:
http:
- route:
- destination:
host: worker-for-alice
curl -v worker-pool/? Could you try to change thedelegatetoroute, so you would use single virtual service and check if it works? From my point of view delegate might not work with the headers, as it was made to work on uri, you can read more about it here. – Jakub