I have a k8s cluster with Istio ingress. I deployed a deployment, service, gateway and a virtual service but I still can't access my service from outside the cluster. I'm able to access my service by accessing the workers on the nodePort specified, but I'd expect that the Istio gateway will still listen on port 80 on my master but it doesn't look like that. What am I doing wrong here?
service.yaml:
apiVersion: v1
kind: Service
metadata:
name: microservices-service
spec:
type: NodePort
selector:
app: microservices-deployment
ports:
- port: 5001
targetPort: 5001
nodePort: 30007deployment.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
name: microservices-deployment
labels:
app: microservices-deployment
spec:
replicas: 3
template:
metadata:
name: microservices-deployment
labels:
app: microservices-deployment
spec:
containers:
- name: microservices-deployment
image: *** private docker registry ***
imagePullPolicy: Always
ports:
- containerPort: 5001
restartPolicy: Always
imagePullSecrets:
- name: regcred
selector:
matchLabels:
app: microservices-deploymentingress.yaml:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: microservices-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: microservices
spec:
hosts:
- "*"
gateways:
- microservices-gateway
http:
- match:
route:
- destination:
host: *** master hostname ***
port:
number: 5001Thanks a lot!
I checked your configuration and everything looks set up correctly. There is only one little mistake to fix is your virtual service.
Change it from
http:
- match:
route:
- destination:
host: *** master hostname ***
port:
number: 5001to
http:
- route:
- destination:
host: microservices-service
port:
number: 5001And you should be able to access it with your istio gateway external-ip LoadBalancer/NodePort. More about it here.
kubectl get svc -n istio-system | grep istio-ingressQuick example with nginx, note that I'm using LoadBalancer instead of NodePort.
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx1
spec:
selector:
matchLabels:
run: nginx1
replicas: 1
template:
metadata:
labels:
run: nginx1
app: frontend
spec:
containers:
- name: nginx1
image: nginx
ports:
- containerPort: 80
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "echo Hello nginx1 > /usr/share/nginx/html/index.html"]
---
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: frontend
spec:
ports:
- port: 80
protocol: TCP
selector:
app: frontend
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: nginx-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx-virtual
spec:
gateways:
- nginx-gateway
hosts:
- "*"
http:
- route:
- destination:
host: nginx.default.svc.cluster.local
port:
number: 80kubectl get svc -n istio-system | grep ingress
istio-ingressgateway LoadBalancer xx.x.xx.xxx xx.xx.xx.xx 15021:30880/TCP,80:31983/TCP,443:31510/TCP,15443:32267/TCP 2d2hTest with curl
curl -v xx.xx.xx.xx/
GET / HTTP/1.1
HTTP/1.1 200 OK
Hello nginx1