We set up Istio on our cluster recently, and everything was working fine during our testing. We've now gone live with Istio but now our services are not connecting on port 80; HTTPS works, but we need to have HTTP redirect to HTTPS.
Here is our Istio install config:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
profile: default
components:
ingressGateways:
- enabled: true
k8s:
env:
- name: ISTIO_META_ROUTER_MODE
value: sni-dnat
hpaSpec:
maxReplicas: 5
metrics:
- resource:
name: cpu
targetAverageUtilization: 80
type: Resource
minReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: istio-ingressgateway
resources:
limits:
cpu: 2000m
memory: 1024Mi
requests:
cpu: 100m
memory: 128Mi
service:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: status-port
port: 15021
targetPort: 15021
- name: http2
port: 80
targetPort: 8080
- name: https
port: 443
targetPort: 8443
- name: tls
port: 15443
targetPort: 15443
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
name: istio-ingressgateway
How about check Service
created by your IstioOperator
CR in istio-ingressgateway
? You created the Ingress Gateway
with LoadBalancer
type service. Then you should configure the LB routing rules for http and https ports you specified in the yaml.
For instance, if your service configured with all ports as follows, then you had better verify if http port is listening or open at your LB layer. In my example, the LoadBalancer
type is integrated with AWS and the ELB also created with all the ports I specified. It's logically same with other platforms, it's just different about LB configuration is automated or is required to configure it manually.
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S)
loadbalancer-ingressgateway LoadBalancer 172.30.68.12 xxxxxx.ap-northeast-1.elb.amazonaws.com 15021:30053/TCP,80:31829/TCP,443:32661/TCP,15443:30937/TCP