K
Q

Istio 1.2 -- Two protocols, same port?

7/29/2020

We have an application running in a k8s deployment that opens a TCP socket on port 8000, and listens for HTTP and GRPC traffic. We also have an Istio Gateway listening on port 443 for HTTPS traffic, connected to two virtual services, one for HTTP traffic, the other for GRPC traffic (matching on headers/URI). Those VirtualServices direct traffic to two different ports on the Service, port 8000 for HTTP traffic, and port 5001 for GRPC traffic--but both have a target port of 8000 (see specs below). We're having issues connecting via either HTTP or GRPC--HTTP returns a generic 500, GRPC returns a "not found" error. However, if we split the traffic between two ports (i.e. each protocol gets its own port), things work fine, this unfortunately forces us to use an older version of the app.

Deployment: 

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: test-deployment
  namespace: test-ns
spec:
  progressDeadlineSeconds: 600
  replicas: 2
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 0
    type: RollingUpdate
  template:
    spec:
      containers:
        image: <Image name> 
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /live
            port: 8000
            scheme: HTTP
          initialDelaySeconds: 20
          periodSeconds: 5
          successThreshold: 1
          timeoutSeconds: 60
        name: test-container
        ports:
        - containerPort: 8000
          protocol: TCP
        - containerPort: 8000
          name: metrics
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /ready
            port: 8000
            scheme: HTTP
          initialDelaySeconds: 20
          periodSeconds: 5
          successThreshold: 1
          timeoutSeconds: 60
        resources:
          limits:
            cpu: "1"
            memory: 1Gi
          requests:
            cpu: 200m
            memory: 10Mi
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 20

Service: 

apiVersion: v1
kind: Service
metadata:
  name: test-deployment-svc
  namespace: test-ns
spec:
  clusterIP: <IP>
  ports:
  - name: http
    port: 8000
    protocol: TCP
    targetPort: 8000
  - name: http2
    port: 5001
    protocol: TCP
    targetPort: 8000
  selector:
    <some label>
  sessionAffinity: None
  type: ClusterIP

Any suggestions would be greatly appreciated!

-- PSU2017
istio
kubernetes

Similar Questions

Multi-cloud solution for data platforms on hybrid and multi-cloud using Anthos
How to find pod termination reason from within pod?
Bazel - Build, Push, Deploy Docker Containers to Kubernetes within Monorepo
Connected refused when trying to hit kubernetes nodeport service using minikube in win10
Push a Docker image to Google Container Registry from a container running in the GKE

0 Answers