K
Q

istio upstream connect error or disconnect/reset before headers. reset reason: connection termination

8/23/2019

I am trying to follow the Istio BookInfo example for Kubernetes. But instead of installing the resources in the default namespace, I am using a namespace called qa. On step 5 is where I am running into an issue. When I try to curl the productpage I get the following response:

upstream connect error or disconnect/reset before headers. reset reason: connection termination

However, if I follow the same example but use the default namespace a get a successful response from the productpage.

Any ideas why this is breaking in my qa namespace?

Istio version:

client version: 1.2.4
citadel version: 1.2.2
egressgateway version: 1.2.2
galley version: 1.2.2
ingressgateway version: 1.2.2
pilot version: 1.2.2
policy version: 1.2.2
sidecar-injector version: 1.2.2
telemetry version: 1.2.2

Kubernetes version (running in AKS):

Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.3", GitCommit:"5e53fd6bc17c0dec8434817e69b04a25d8ae0ff0", GitTreeState:"clean", BuildDate:"2019-06-06T01:44:30Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"windows/amd64"}
Server Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.7", GitCommit:"4683545293d792934a7a7e12f2cc47d20b2dd01b", GitTreeState:"clean", BuildDate:"2019-06-06T01:39:30Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}
-- Dave
istio
kubernetes

Similar Questions

Add an embedded device as resource to Kubernetes
Istio allowing external traffic through without ServiceEntry?
iam ConfirmSubscription permissions error
Transfer cert-manager certificate from one cluster to another for e2e tests

1 Answer

8/27/2019

I would recommend the following steps in order to debug the reported issue:

  1. Check whether sidecar has injected into qa namespace:

$ kubectl get namespace -L istio-injection| grep qa

qa                Active   83m   enabled
  1. Verify k8s Bookinfo app resources properly distributed and located in qa namespace:

$ kubectl get all -n qa

NAME                                  READY   STATUS    RESTARTS   AGE
pod/details-v1-74f858558f-vh97g       2/2     Running   0          29m
pod/productpage-v1-8554d58bff-5tpbl   2/2     Running   0          29m
pod/ratings-v1-7855f5bcb9-hhlds       2/2     Running   0          29m
pod/reviews-v1-59fd8b965b-w9lk5       2/2     Running   0          29m
pod/reviews-v2-d6cfdb7d6-hsjqq        2/2     Running   0          29m
pod/reviews-v3-75699b5cfb-vl7t9       2/2     Running   0          29m


NAME                  TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/details       ClusterIP   IP_ADDR          <none>        9080/TCP   29m
service/productpage   ClusterIP   IP_ADDR          <none>        9080/TCP   29m
service/ratings       ClusterIP   IP_ADDR          <none>        9080/TCP   29m
service/reviews       ClusterIP   IP_ADDR          <none>        9080/TCP   29m


NAME                             READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/details-v1       1/1     1            1           29m
deployment.apps/productpage-v1   1/1     1            1           29m
deployment.apps/ratings-v1       1/1     1            1           29m
deployment.apps/reviews-v1       1/1     1            1           29m
deployment.apps/reviews-v2       1/1     1            1           29m
deployment.apps/reviews-v3       1/1     1            1           29m

NAME                                        DESIRED   CURRENT   READY   AGE
replicaset.apps/details-v1-74f858558f       1         1         1       29m
replicaset.apps/productpage-v1-8554d58bff   1         1         1       29m
replicaset.apps/ratings-v1-7855f5bcb9       1         1         1       29m
replicaset.apps/reviews-v1-59fd8b965b       1         1         1       29m
replicaset.apps/reviews-v2-d6cfdb7d6        1         1         1       29m
replicaset.apps/reviews-v3-75699b5cfb       1         1         1       29m

$ kubectl get sa -n qa

NAME                   SECRETS   AGE
bookinfo-details       1         36m
bookinfo-productpage   1         36m
bookinfo-ratings       1         36m
bookinfo-reviews       1         36m
default                1         97m
  1. Inspect Istio Envoy in particular Pod container, thus you can extract some essential data about proxy state and traffic routing information:

kubectl logs $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}' -n qa) -c istio-proxy -n qa

I encourage you to look at Istio network traffic-management troubleshooting documentation chapter to get some more insights.

-- mk_sta
Source: StackOverflow