Access service by publicIP using istio-ingress gives 503 Servcie unavailable error

11/7/2019

My service is working fine when I use port-forwarding and send a get request to the localhost however sending a Get request to the publicDomain gives 503 error message. Here is my configuration files:

apiVersion: v1
kind: Service
metadata:
   name: my-app
   namespace: default
spec:
  ports:
   - port: 8080
     targetPort: 8080
     protocol: TCP
     name: http
   - port: 9000
     targetPort: 9000
     protocol: TCP
     name: http1
   - port: 9001
     targetPort: 9001
     protocol: TCP
     name: http2
   selector:
     app: my-app

The Deployment config:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-app
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
       app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - image: myrepo.azurecr.io/my-app:12
          name: my-app
          ports:
            - containerPort: 8080
              protocol: TCP
            - containerPort: 8000
              protocol: TCP
            - containerPort: 9000
              protocol: TCP
            - containerPort: 9001
              protocol: TCP

The VirtualService config:

 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
   name: my-app
   namespace: default
 spec:
   hosts:
     - "app.mydomain.com"
   gateways:
     - mygateway.istio-system.svc.cluster.local
   http:
     - match:
       - uri:
         prefix: /myprefix
       route:
        - destination:
           host: my-app
           port:
             number: 9001
     - match:
       - uri:
         prefix: /
       route:
        - destination:
          host: my-app
          port:
            number: 9000
     corsPolicy:
       allowOrigin:
       - "https://test1.domain.com"
       - "https://test2.domain.com"
       allowMethods:
       - POST
       - PATCH
       allowCredentials: false
       allowHeaders:
       - X-Tenant-Identifier
       - Content-Type
       maxAge: "24h"

Gateway config:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
      - "*.mydomain.com"
    #tls:
    #httpsRedirect: true
    - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
      - "*.mydomain.com"
    tls:
     mode: SIMPLE
     serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
     privateKey: /etc/istio/ingressgateway-certs/tls.key

Here is some more info:

$ kubectl get ep my-app
NAME              ENDPOINTS                                               AGE
my-app   10.244.1.169:9000,10.244.1.169:9001,10.244.1.169:8080   26h

If I forward the port:

 $ kubectl port-forward my-app-podid 6001:9001

and then use postman to send a Get request to localhost:6001/myprefix it's working fine and return 200 OK response, however if send a Get request to publicdomain app.mydomain.com/myprefix I get 503 error also using curl:

kubectl exec -n istio-system istio-ingressgateway-podid -- curl -v http://my-app.default.svc.cluster.local:9001/myprefix

Connected to my-app.default.svc.cluster.local (10.0.71.212) port 9001 (#0)

GET /myprefix HTTP/1.1 Host: my-app.default.svc.cluster.local:9001 User-Agent: curl/7.47.0 Accept: /

upstream connect error or disconnect/reset before headers. reset reason: connection termination< HTTP/1.1 503 Service Unavailable

The logs of ingress gateway doesn't give more info than just 503 error message. Does anyone know what is missing?

-- Matrix
azure-kubernetes
istio

1 Answer

11/8/2019

The problem was setting up wrong port names under Service. So the correct Service.yaml file looks like bellow:

 apiVersion: v1
 kind: Service
 metadata:
   name: my-app
   namespace: default
 spec:
   ports:
    - port: 8080
    targetPort: 8080
    protocol: TCP
    name: http-debug
    - port: 9000
    targetPort: 9000
    protocol: TCP
    name: http-app
    - port: 9001
    targetPort: 9001
    protocol: TCP
    name: http-monitoring
  selector:
   app: my-app

https://istio.io/docs/setup/additional-setup/requirements/

-- Matrix
Source: StackOverflow