I have deployed istio in kubernetes through the official helm chart, but cannot access the nodeport service of the istio-ingressgateway. I get connection refused.
There is a listener on NodePort 31380 though.
$ netstat -plan | grep 31380
tcp6 0 0 :::31380 :::* LISTEN 8523/kube-proxyThe iptables firewall on this k8s node does not block the traffic to 31380/tcp.
I tried connecting to 127.0.0.1:31380 and the LAN IP of the node directly from the node.
Any ideas what could be wrong or how I can debug that?
Best regards, rforberger
In Your hello-istio service configuration there is port miss-configuration:
---
apiVersion: v1
kind: Service
metadata:
name: hello-istio
namespace: hello-istio
spec:
selector:
run: hello-istio
ports:
- protocol: TCP
port: 13451
targetPort: 80
---The port should be same as containerPort from deployment. And targetPort should be same as destination port number in gateway.
So Your service configuration should look like this:
---
apiVersion: v1
kind: Service
metadata:
name: hello-istio
namespace: hello-istio
spec:
selector:
run: hello-istio
ports:
- protocol: TCP
port: 80
targetPort: 13451
---It is working now. I was stupid, I had to define port 80 in the Gateway definition, instead of any random port in order to start a listener on the istio-ingressgateway on port 80. I didn't dare this in order to not route any other traffic the is incoming to the istio ingress already. Thanks for your help.