For the past week I've been trying to set up the sock-shop demo application together with Istio in Google's Kubernetes Engine. However, when I curl to my ingress-gateway's external IP address with curl -I http://${GATEWAY_URL}/ (where ${GATEWAY_URL} corresponds to the external IP I receive when I run kubectl get service istio-ingressgateway -n istio-system), I get this as a response:
HTTP/1.1 503 Service Unavailable
date: Mon, 22 Jul 2019 13:50:11 GMT
server: envoy
transfer-encoding: chunked
The output of kubectl logs -n istio-system istio-ingressgateway-64d6cfc6cb-m4sbx is as follows:
[2019-07-22T13:50:12.021Z] "HEAD /HTTP/1.1" 503 NR 0 0 2 - "10.132.0.4" "curl/7.52.1" "25ea898e-0f51-4997-b3bc-a08f586dcf8a" "35.240.37.125" "-" - - 10.4.0.4:80 10.132.0.4:52250
I use the following deployment for the sock-shop (it's basically the traditional sock-shop, except I've added the http- prefix to service ports that listen on port 80):
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: carts-db
  labels:
    name: carts-db
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: carts-db
    spec:
      containers:
      - name: carts-db
        image: mongo
        ports:
        - name: mongo
          containerPort: 27017
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: carts-db
  labels:
    name: carts-db
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 27017
    targetPort: 27017
  selector:
    name: carts-db
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: carts
  labels:
    name: carts
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: carts
    spec:
      containers:
      - name: carts
        image: weaveworksdemos/carts:0.4.8
        ports:
        - containerPort: 80
        env:
        - name: ZIPKIN
          value: zipkin.jaeger.svc.cluster.local
        - name: JAVA_OPTS
          value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: carts
  labels:
    name: carts
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
    name: http-carts
  selector:
    name: carts
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: catalogue-db
  labels:
    name: catalogue-db
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: catalogue-db
    spec:
      containers:
      - name: catalogue-db
        image: weaveworksdemos/catalogue-db:0.3.0
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: fake_password
        - name: MYSQL_DATABASE
          value: socksdb
        ports:
        - name: mysql
          containerPort: 3306
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: catalogue-db
  labels:
    name: catalogue-db
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 3306
    targetPort: 3306
    name: mysql-catalogue-db
  selector:
    name: catalogue-db
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: catalogue
  labels:
    name: catalogue
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: catalogue
    spec:
      containers:
      - name: catalogue
        image: weaveworksdemos/catalogue:0.3.5
        ports:
        - containerPort: 80
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: catalogue
  labels:
    name: catalogue
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
    name: http-catalogue
  selector:
    name: catalogue
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: front-end
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: front-end
    spec:
      containers:
      - name: front-end
        image: weaveworksdemos/front-end:0.3.12
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        ports:
        - containerPort: 8079
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: front-end
  labels:
    name: front-end
  namespace: sock-shop
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 8079
    nodePort: 30001
    name: http-frontend
  selector:
    name: front-end
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: orders-db
  labels:
    name: orders-db
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: orders-db
    spec:
      containers:
      - name: orders-db
        image: mongo
        ports:
        - name: mongo
          containerPort: 27017
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: orders-db
  labels:
    name: orders-db
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 27017
    targetPort: 27017
  selector:
    name: orders-db
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: orders
  labels:
    name: orders
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: orders
    spec:
      containers:
      - name: orders
        image: weaveworksdemos/orders:0.4.7
        env:
        - name: ZIPKIN
          value: zipkin.jaeger.svc.cluster.local
        - name: JAVA_OPTS
          value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom
        ports:
        - containerPort: 80
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: orders
  labels:
    name: orders
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
    name: http-orders
  selector:
    name: orders
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: payment
  labels:
    name: payment
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: payment
    spec:
      containers:
      - name: payment
        image: weaveworksdemos/payment:0.4.3
        ports:
        - containerPort: 80
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: payment
  labels:
    name: payment
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
    name: http-payment
  selector:
    name: payment
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: queue-master
  labels:
    name: queue-master
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: queue-master
    spec:
      containers:
      - name: queue-master
        image: weaveworksdemos/queue-master:0.3.1
        ports:
        - containerPort: 80
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: queue-master
  labels:
    name: queue-master
  annotations:
    prometheus.io/path: "/prometheus"
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
    name: http-queue-master
  selector:
    name: queue-master
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: rabbitmq
  labels:
    name: rabbitmq
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: rabbitmq
    spec:
      containers:
      - name: rabbitmq
        image: rabbitmq:3.6.8
        ports:
        - containerPort: 5672
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
              - DAC_OVERRIDE
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: rabbitmq
  labels:
    name: rabbitmq
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 5672
    targetPort: 5672
  selector:
    name: rabbitmq
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: shipping
  labels:
    name: shipping
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: shipping
    spec:
      containers:
      - name: shipping
        image: weaveworksdemos/shipping:0.4.8
        env:
        - name: ZIPKIN
          value: zipkin.jaeger.svc.cluster.local
        - name: JAVA_OPTS
          value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom
        ports:
        - containerPort: 80
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: shipping
  labels:
    name: shipping
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
    name: http-shipping
  selector:
    name: shipping
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: user-db
  labels:
    name: user-db
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: user-db
    spec:
      containers:
      - name: user-db
        image: weaveworksdemos/user-db:0.4.0
        ports:
        - name: mongo
          containerPort: 27017
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: user-db
  labels:
    name: user-db
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 27017
    targetPort: 27017
  selector:
    name: user-db
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: user
  labels:
    name: user
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: user
    spec:
      containers:
      - name: user
        image: weaveworksdemos/user:0.4.7
        ports:
        - containerPort: 80
        env:
        - name: MONGO_HOST
          value: user-db:27017
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: user
  labels:
    name: user
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
    name: http-user
  selector:
    name: user
with the following gateway gateway.yaml...
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
and the virtualservice virtual.yaml:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: external-services
spec:
  hosts:
  - "*"
  gateways:
  - gateway # 1
  http:
  - route:
    - destination:
        host: front-end # 2
        port:
          number: 80
I'm at a loss as to what could be the cause for the 503 error that's previously mentioned. The output of the logs states 'NR', which indicates that it's found no applicable route, but that's what the virtualservice is for, so I think that's where I made a mistake, but I can't figure out what exactly it is.
In your deployment you used the namespace sock-shop, so you need to specify the virtual service to point to this service:
    - destination:
        host: front-end.sock-shop.svc.cluster.local
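
The namespace mismatch the answer describes, as an added example that is not part of the original posts: Istio interprets a short destination host relative to the namespace of the rule (the VirtualService), not of the Service, so the check below expands each destination that way and reports those that match no Service. The function names are hypothetical, and it assumes the cluster domain cluster.local and that a VirtualService without a namespace was applied to default.

```python
# Added example: simplified model of Istio short-name resolution for
# VirtualService destinations. Manifests are constructed from the question.
CLUSTER_DOMAIN = "cluster.local"  # assumption: default Kubernetes cluster domain


def resolve_host(host, rule_namespace):
    """Expand a dotless short name relative to the rule's namespace."""
    if host == "*" or "." in host:
        return host  # wildcard or dotted name: used exactly as written
    return f"{host}.{rule_namespace}.svc.{CLUSTER_DOMAIN}"


def service_fqdns(services):
    """FQDNs of the Kubernetes Services, built from their own metadata."""
    return {
        f"{s['metadata']['name']}.{s['metadata'].get('namespace', 'default')}"
        f".svc.{CLUSTER_DOMAIN}"
        for s in services
    }


def unroutable_destinations(virtual_service, services):
    """Return (written host, resolved host) pairs that match no Service."""
    ns = virtual_service["metadata"].get("namespace", "default")
    known = service_fqdns(services)
    missing = []
    for http_route in virtual_service["spec"].get("http", []):
        for dest in http_route.get("route", []):
            written = dest["destination"]["host"]
            resolved = resolve_host(written, ns)
            if resolved not in known:
                missing.append((written, resolved))
    return missing


# Constructed from the question: the Service lives in sock-shop, while the
# VirtualService carries no namespace (assumed to land in "default").
SERVICES = [{"metadata": {"name": "front-end", "namespace": "sock-shop"}}]


def make_vs(host):
    """Minimal VirtualService dict with a single HTTP route destination."""
    return {
        "metadata": {"name": "external-services"},
        "spec": {"http": [{"route": [{"destination": {"host": host}}]}]},
    }


if __name__ == "__main__":
    for h in ("front-end", "front-end.sock-shop.svc.cluster.local"):
        print(h, "->", unroutable_destinations(make_vs(h), SERVICES) or "routable")
```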