istio - using vs service and gw instead loadbalancer not working

5/26/2019

I’ve the following application which Im able to run in K8S successfully which using service with type load balancer, very simple app with two routes

  1. / - you should see 'hello application`
  2. /api/books should provide list of book in json format

This is the service

apiVersion: v1
kind: Service
metadata:
  name: go-ms
  labels:
    app: go-ms
    tier: service
spec:
  type: LoadBalancer
  ports:
    - port: 8080
  selector:
    app: go-ms

This is the deployment

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: go-ms
  labels:
    app: go-ms

spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: go-ms
        tier: service

    spec:
      containers:
        - name: go-ms
          image: rayndockder/http:0.0.2
          ports:
            - containerPort: 8080
          env:
            - name: PORT
              value: "8080"
          resources:
            requests:
              memory: "64Mi"
              cpu: "125m"
            limits:
              memory: "128Mi"
              cpu: "250m"

after applied the both yamls and when calling the URL:

http://b0751-1302075110.eu-central-1.elb.amazonaws.com/api/books

I was able to see the data in the browser as expected and also for the root app using just the external ip

Now I want to use istio, so I follow the guide and install it successfully via helm using https://istio.io/docs/setup/kubernetes/install/helm/ and verify that all the 53 crd are there and also istio-system components (such as istio-ingressgateway istio-pilot etc all 8 deployments are in up and running)

I’ve change the service above from LoadBalancer to NodePort

and create the following istio config according to the istio docs

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: http-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 8080
        name: http
        protocol: HTTP
      hosts:
        - "*"
---

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: virtualservice
spec:
  hosts:
    - "*"
  gateways:
    - http-gateway
  http:
  - match:
      - uri:
          prefix: "/"
      - uri:
          exact: "/api/books"
    route:
      - destination:
          port:
            number: 8080
          host: go-ms

in addition I’ve added the following

kubectl label namespace books istio-injection=enabled where the application is deployed,

Now to get the external Ip i've used command

kubectl get svc -n istio-system -l istio=ingressgateway

and get this in the external-ip

b0751-1302075110.eu-central-1.elb.amazonaws.com when trying to access to the URL

http://b0751-1302075110.eu-central-1.elb.amazonaws.com/api/books

I got error:

This site can’t be reached

ERR_CONNECTION_TIMED_OUT

if I run the docker rayndockder/http:0.0.2 via docker run -it -p 8080:8080 httpv2

I path's works correctly!

Any idea/hint What could be the issue ?

Is there a way to trace the istio configs to see whether if something is missing or we have some collusion with port or network policy maybe ?

btw, the deployment and service can run on each cluster for testing of someone could help...

if I change all to port to 80 (in all yaml files and the application and the docker ) I was able to get the data for the root path, but not for "api/books"

-- Jhon D
amazon-web-services
docker
istio
kubernetes
load-balancing

1 Answer

5/29/2019

I tired your config with the modification of gateway port to 80 from 8080 in my local minikube setup of kubernetes and istio. This is the command I used:

kubectl apply -f - <<EOF
apiVersion: v1
kind: Service
metadata:
  name: go-ms
  labels:
    app: go-ms
    tier: service
spec:
  ports:
    - port: 8080
  selector:
    app: go-ms
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: go-ms
  labels:
    app: go-ms

spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: go-ms
        tier: service

    spec:
      containers:
        - name: go-ms
          image: rayndockder/http:0.0.2
          ports:
            - containerPort: 8080
          env:
            - name: PORT
              value: "8080"
          resources:
            requests:
              memory: "64Mi"
              cpu: "125m"
            limits:
              memory: "128Mi"
              cpu: "250m"
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: http-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: go-ms-virtualservice
spec:
  hosts:
     - "*"
  gateways:
    - http-gateway
  http:
  - match:
      - uri:
          prefix: /
      - uri:
          exact: /api/books
    route:
      - destination:
          port:
            number: 8080
          host: go-ms
EOF

The reason that I changed the gateway port to 80 is that, the istio ingress gateway by default opens up a few ports such as 80, 443 and few others. In my case, as minikube doesn't have an external load balancer, I used node ports which is 31380 in my case.

I was able to access the app with url of http://$(minikube ip):31380.

There is no point in changing the port of services, deployments since these are application specific.

May be this question specifies the ports opened by istio ingress gateway.

-- Malathi
Source: StackOverflow