My service is working fine when I use port-forwarding and send a get request to the localhost however sending a Get request to the publicDomain gives 503 error message. Here is my configuration files:
apiVersion: v1
kind: Service
metadata:
name: my-app
namespace: default
spec:
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: http
- port: 9000
targetPort: 9000
protocol: TCP
name: http1
- port: 9001
targetPort: 9001
protocol: TCP
name: http2
selector:
app: my-app
The Deployment config:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-app
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- image: myrepo.azurecr.io/my-app:12
name: my-app
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 8000
protocol: TCP
- containerPort: 9000
protocol: TCP
- containerPort: 9001
protocol: TCP
The VirtualService config:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: my-app
namespace: default
spec:
hosts:
- "app.mydomain.com"
gateways:
- mygateway.istio-system.svc.cluster.local
http:
- match:
- uri:
prefix: /myprefix
route:
- destination:
host: my-app
port:
number: 9001
- match:
- uri:
prefix: /
route:
- destination:
host: my-app
port:
number: 9000
corsPolicy:
allowOrigin:
- "https://test1.domain.com"
- "https://test2.domain.com"
allowMethods:
- POST
- PATCH
allowCredentials: false
allowHeaders:
- X-Tenant-Identifier
- Content-Type
maxAge: "24h"
Gateway config:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: my-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*.mydomain.com"
#tls:
#httpsRedirect: true
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- "*.mydomain.com"
tls:
mode: SIMPLE
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
privateKey: /etc/istio/ingressgateway-certs/tls.key
Here is some more info:
$ kubectl get ep my-app
NAME ENDPOINTS AGE
my-app 10.244.1.169:9000,10.244.1.169:9001,10.244.1.169:8080 26h
If I forward the port:
$ kubectl port-forward my-app-podid 6001:9001
and then use postman to send a Get request to localhost:6001/myprefix it's working fine and return 200 OK response, however if send a Get request to publicdomain app.mydomain.com/myprefix I get 503 error also using curl:
kubectl exec -n istio-system istio-ingressgateway-podid -- curl -v http://my-app.default.svc.cluster.local:9001/myprefix
Connected to my-app.default.svc.cluster.local (10.0.71.212) port 9001 (#0)
GET /myprefix HTTP/1.1 Host: my-app.default.svc.cluster.local:9001 User-Agent: curl/7.47.0 Accept: /
upstream connect error or disconnect/reset before headers. reset reason: connection termination< HTTP/1.1 503 Service Unavailable
The logs of ingress gateway doesn't give more info than just 503 error message. Does anyone know what is missing?
The problem was setting up wrong port names under Service. So the correct Service.yaml file looks like bellow:
apiVersion: v1
kind: Service
metadata:
name: my-app
namespace: default
spec:
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: http-debug
- port: 9000
targetPort: 9000
protocol: TCP
name: http-app
- port: 9001
targetPort: 9001
protocol: TCP
name: http-monitoring
selector:
app: my-app