K
Q

istio 1.4.8: strange 400 error when used with AWS Load balancer

4/24/2020

I'm getting a strange 400 error when I try to connect to an Istio Gateway when behind an AWS load balancer.

I don't see any activity in the istio-ingresgateway logs (even with debug settings on), but when I run sysdig on the ingressgateway pod, I see weird semi-random text with often with "QUIT !T" in it.

I get this when I try to make an http request via a browser or curl from outside the cluster.

The same Istio configuration works when I try to make the request in minikube or in Azure.

I'm also able to use the same AWS lb to point to a Nginx ingress controller and it works just fine.

sudo sysdig -s2000 -A -c echo_fds fd.ip=10.1.2.3

Sometimes there is no GET request in the output

------ Read 100B from   10.1.1.3:44404->10.1.2.3:80 (envoy)




QUIT
!T
C
ct>
------ Write 66B to   10.1.1.3:44404->10.1.2.3:80 (envoy)

HTTP/1.1 400 Bad Request
content-length: 0
connection: close

And, sometimes this happens right before the GET request

------ Read 3.39KB from   10.1.1.3:35430->10.1.2.3:80 (envoy)




QUIT
!T
C
atfI>GET /myapp/ HTTP/1.1

I'm wondering if the weird characters are causing the envoy routes not to match, but I have no idea where this could be coming from.

Any advice as to what this might be?

Any general strategies for debugging Istio ingress?

Any help is much appreciated.

-- Joe J
amazon-web-services
envoyproxy
istio
kubernetes
kubernetes-ingress

Similar Questions

Helm delete policy hook removes pod before log dump (helm test --logs)
Missing database and measurements in kapacitor
Unable to access the EC2 Kubernetes dashboard
What is the optimal scheduling strategy for K8s pods?

0 Answers