Reputation: 2659
Access service by publicIP using istio-ingress gives 503 Servcie unavailable error
My service is working fine when I use port-forwarding and send a get request to the localhost however sending a Get request to the publicDomain gives 503 error message. Here is my configuration files:
apiVersion: v1
kind: Service
metadata:
name: my-app
namespace: default
spec:
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: http
- port: 9000
targetPort: 9000
protocol: TCP
name: http1
- port: 9001
targetPort: 9001
protocol: TCP
name: http2
selector:
app: my-app
The Deployment config:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-app
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- image: myrepo.azurecr.io/my-app:12
name: my-app
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 8000
protocol: TCP
- containerPort: 9000
protocol: TCP
- containerPort: 9001
protocol: TCP
The VirtualService config:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: my-app
namespace: default
spec:
hosts:
- "app.mydomain.com"
gateways:
- mygateway.istio-system.svc.cluster.local
http:
- match:
- uri:
prefix: /myprefix
route:
- destination:
host: my-app
port:
number: 9001
- match:
- uri:
prefix: /
route:
- destination:
host: my-app
port:
number: 9000
corsPolicy:
allowOrigin:
- "https://test1.domain.com"
- "https://test2.domain.com"
allowMethods:
- POST
- PATCH
allowCredentials: false
allowHeaders:
- X-Tenant-Identifier
- Content-Type
maxAge: "24h"
Gateway config:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: my-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*.mydomain.com"
#tls:
#httpsRedirect: true
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- "*.mydomain.com"
tls:
mode: SIMPLE
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
privateKey: /etc/istio/ingressgateway-certs/tls.key
Here is some more info:
$ kubectl get ep my-app
NAME ENDPOINTS AGE
my-app 10.244.1.169:9000,10.244.1.169:9001,10.244.1.169:8080 26h
If I forward the port:
$ kubectl port-forward my-app-podid 6001:9001
and then use postman to send a Get request to localhost:6001/myprefix it's working fine and return 200 OK response, however if send a Get request to publicdomain app.mydomain.com/myprefix I get 503 error also using curl:
kubectl exec -n istio-system istio-ingressgateway-podid -- curl -v http://my-app.default.svc.cluster.local:9001/myprefix
Connected to my-app.default.svc.cluster.local (10.0.71.212) port 9001 (#0)
GET /myprefix HTTP/1.1 Host: my-app.default.svc.cluster.local:9001 User-Agent: curl/7.47.0 Accept: /
upstream connect error or disconnect/reset before headers. reset reason: connection termination< HTTP/1.1 503 Service Unavailable
The logs of ingress gateway doesn't give more info than just 503 error message. Does anyone know what is missing?
Upvotes: 0
Views: 1435
Answers (1)
Reputation: 2659
The problem was setting up wrong port names under Service. So the correct Service.yaml file looks like bellow:
apiVersion: v1
kind: Service
metadata:
name: my-app
namespace: default
spec:
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: http-debug
- port: 9000
targetPort: 9000
protocol: TCP
name: http-app
- port: 9001
targetPort: 9001
protocol: TCP
name: http-monitoring
selector:
app: my-app
https://istio.io/docs/setup/additional-setup/requirements/
Upvotes: 1
Related Questions
- Can't access public IP of AKS ingress
- Istio Ingress does not work - only port forwarding works
- AKS ISTIO Gateway is not accessiable
- getting 404 error for my service while exposing through istio ingress gateway
- AKS Istio Ingress gateway Certificate is not valid
- Need help troubleshooting Istio IngressGateway HTTP ERROR 503
- Istio tls port 443 gives 503 Service Unavailable
- Istio ingress gateway, getting 403 forbidden error
- How to Expose service in AKS with Istio Ingress?
- Isito Ingress Controller Virtual Service returning 503