Istio is not responding on port 80

12/12/2020

We set up Istio on our cluster recently, and everything was working fine during our testing. We've now gone live with Istio, but our services are not connecting on port 80; HTTPS works, but we need to have HTTP redirect to HTTPS.

Here is our Istio install config:

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  profile: default
  components:
    ingressGateways:
      - enabled: true
        k8s:
          env:
            - name: ISTIO_META_ROUTER_MODE
              value: sni-dnat
          hpaSpec:
            maxReplicas: 5
            metrics:
              - resource:
                  name: cpu
                  targetAverageUtilization: 80
                type: Resource
            minReplicas: 1
            scaleTargetRef:
              apiVersion: apps/v1
              kind: Deployment
              name: istio-ingressgateway
          resources:
            limits:
              cpu: 2000m
              memory: 1024Mi
            requests:
              cpu: 100m
              memory: 128Mi
          service:
            type: LoadBalancer
            externalTrafficPolicy: Local
            ports:
              - name: status-port
                port: 15021
                targetPort: 15021
              - name: http2
                port: 80
                targetPort: 8080
              - name: https
                port: 443
                targetPort: 8443
              - name: tls
                port: 15443
                targetPort: 15443
          strategy:
            rollingUpdate:
              maxSurge: 100%
              maxUnavailable: 25%
        name: istio-ingressgateway
-- Amit

1 Answer

12/12/2020

How about checking the Service created by your IstioOperator CR in istio-ingressgateway? You created the Ingress Gateway with a LoadBalancer type Service. Then you should configure the LB routing rules for the http and https ports you specified in the yaml.

For instance, if your Service is configured with all ports as follows, then you had better verify whether the http port is listening or open at your LB layer. In my example, the LoadBalancer type is integrated with AWS, and the ELB was also created with all the ports I specified. It's logically the same on other platforms; the only difference is whether the LB configuration is automated or has to be configured manually.

NAME                          TYPE           CLUSTER-IP     EXTERNAL-IP                               PORT(S)
loadbalancer-ingressgateway   LoadBalancer   172.30.68.12   xxxxxx.ap-northeast-1.elb.amazonaws.com   15021:30053/TCP,80:31829/TCP,443:32661/TCP,15443:30937/TCP
-- Daein Park
Source: StackOverflow
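
The check suggested in the answer, as an added example that is not part of the original question or answer: it parses the PORT(S) value of the ingress gateway Service and reports which required ports are not exposed. The function names, the `istio-system` namespace default and the sample string (copied from the output above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the ingress gateway Service exposes the ports the
# load balancer must forward (80 for the HTTP->HTTPS redirect, 443 for TLS).

# Constructed sample: the PORT(S) column from the answer's kubectl output.
SAMPLE_PORTS='15021:30053/TCP,80:31829/TCP,443:32661/TCP,15443:30937/TCP'

# node_port_for PORTS PORT: print the nodePort mapped to PORT; return 1 if
# PORT is not exposed. Accepts "port:nodePort/PROTO" and "port/PROTO" entries.
node_port_for() (
  set -f            # no globbing while splitting
  IFS=','
  for entry in $1; do
    port=${entry%%[:/]*}            # service port, before ':' or '/'
    if [ "$port" = "$2" ]; then
      case $entry in
        *:*) rest=${entry#*:}; printf '%s\n' "${rest%%/*}" ;;
      esac
      return 0
    fi
  done
  return 1
)

# missing_ports PORTS REQUIRED...: print the required ports that are absent.
missing_ports() (
  ports=$1; shift; out=''
  for p in "$@"; do
    node_port_for "$ports" "$p" >/dev/null || out="${out:+$out }$p"
  done
  printf '%s\n' "$out"
)

# live_ports [NAMESPACE] [SERVICE]: read the same data from a cluster.
live_ports() {
  kubectl -n "${1:-istio-system}" get svc "${2:-istio-ingressgateway}" \
    -o jsonpath='{range .spec.ports[*]}{.port}:{.nodePort}/{.protocol},{end}'
}

# http_status HOST: status code returned on plain HTTP (a redirect is 301).
http_status() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 5 "http://$1/"
}

echo "missing on sample: [$(missing_ports "$SAMPLE_PORTS" 80 443)]"
```

An empty result only shows that the Service exposes the ports; the load balancer listener for port 80 still has to exist and be reachable, which `http_status` checks from outside the cluster.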