Kubernetes virtual service for Zuul Proxy fails without port forwarding

1/6/2020

I have a virtual service in Kubernetes as defined in the following file:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: {{ .Chart.Name }}-vs
  namespace: istio-system
spec:
  hosts:
    - {{ .Values.virtualservice.host }}
    - {{ .Chart.Name }}.default.svc.cluster.local
  gateways:
    - {{ .Values.virtualservice.gateway }}
    - mesh
  http:
    - route:
        - destination:
            host: {{ .Chart.Name }}.default.svc.cluster.local
            port:
              number: {{ .Values.service.port }}
      corsPolicy:
        allowOrigin:
          - '*'
        allowMethods:
          - OPTIONS
          - GET
          - POST
          - PUT
          - DELETE
        allowCredentials: true
        allowHeaders:
          - '*'
        maxAge: "24h"

My actual service works fine when I port forward to it. It's a Java app serving HTTP only.

However, when I try to hit it using HTTPS via the virtual service as defined above, it fails. The static pages load fine. But if I hit something that causes the app to go to the backend and access another service, I get a failure. The app is actually a Zuul proxy and needs to hit backend services.

I am not able to figure out how to debug this or what could be causing this issue.

Thanks

EDIT

A strange thing I noticed: all the services, including the api-gw, are listening on port 8080. They are all Spring Boot apps.

Fails:

  • API-gw service, SpringBootApp and Docker container and kube service - 8080
  • Back-end service, SpringBootApp, Docker container and kube service - 8080

Succeeds:

  • API-gw service, SpringBootApp and Docker container and kube service - 11243 [anything except 8080]
  • Back-end service, SpringBootApp, Docker container and kube service - 8080

What's the reason?

Thanks

-- ameet chaubal
istio
kubernetes
kubernetes-ingress

1 Answer

1/9/2020

Based on Medium and the listeners command, I think the answer is port collision.

API Gateway is a concept of having a single point of entry to access all of the services in the backend.

You shouldn't have the same port on api-gw as on frontend and backend.

API Gateway will run on port 8090

Product will run on port 8080

API Gateway will be configured to redirect all the traffic to the Product service.

So when you changed the port from 8080 to a random free port like 11243, it works properly because there is no port collision between frontend/backend and the API gateway.

I hope it will help you. Let me know if you have any more questions.

-- jt97
Source: StackOverflow