Reputation: 5926
K8S upstream connect error or disconnect/reset before headers. Reset reason: Connection failure
I have a java war file for which I have created an image. When I locally run the image it works fine over HTTP.
Now I am trying to run the containers using Kubernetes. I created a Kubernetes Service to expose the app Pod to the outside.
Below is my Kubernetes deployment.yaml. Not an expert in Docker and Kubernetes. Specially lost in the different metadata of Kubernetes services. Might have done some mistake there to expose HTTP and HTTPS both on 8080 and 443 respectively.
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: demo
name: demo
spec:
replicas: 1
selector:
matchLabels:
app: demo
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: demo
spec:
containers:
- image: <imagename1>
name: cmisfileshare
resources: {}
imagePullPolicy: Always
status: {}
---
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: demo
name: demo
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 80
- name: https
port: 443
protocol: TCP
targetPort: 443
selector:
app: demo
type: ClusterIP
status:
loadBalancer: {}
Now when I run my application I get the following error in my browser
upstream connect error or disconnect/reset before headers. reset reason: connection failure
[UPDATE]
Then I expose the service by applying Kyma API Rules which internally create an Istio virtual service.
If I keep the service as following then it works:
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: demo
name: demo
spec:
ports:
- name: 8080-8080
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: demo
type: ClusterIP
status:
loadBalancer: {}
Then the endpoint is exposed as HTTPS but the actual traffic from Istio/Envoy proxy to my app is still HTTP. Because in my code I fetch a java servlet request's protocol and it returns HTTP.
How do I enable TLS/HTTPS traffic from Istio to App?
Upvotes: 1
Views: 14905
Answers (0)
Related Questions
- upstream connect error or disconnect/reset before headers. reset reason: connection termination when using Spring Boot
- upstream connect error or disconnect/reset before headers. reset reason: connection failure. Spring Boot and java 11
- `upstream connect error or disconnect/reset before headers` when using istio-ingress-gateway
- "no healthy upstream" error istio routing rule issue
- Connection refused error in outbound request in k8s app container. Istio?
- istio upstream connect error or disconnect/reset before headers. reset reason: connection termination
- Istio with SDS and Mutual TLS: upstream connect error or disconnect/reset before headers. reset reason: connection failure
- Istio envoy upstream reset: reset reason connection failure
- Istio DestinationRule gives upstream connect error or disconnect/reset before headers
- Istio egress gives "upstream connect error or disconnect/reset before headers" errors from python micro-service