K
Q

Istio Locality-prioritized load balancing not working

12/23/2020

Unable to configure Locality-prioritized load balancing. There are two nodes with the labels: 

  labels:
    kubernetes.io/hostname: test-hw1
    topology.kubernetes.io/region: us
    topology.kubernetes.io/zone: wdc04
  labels:
    kubernetes.io/hostname: test-hw2
    topology.kubernetes.io/region: eu
    topology.kubernetes.io/zone: fra02

Service:

apiVersion: v1
kind: Service
metadata:
  name: cara
  namespace: default
  labels:
    app: cara
spec:
  selector:
    app: cara
  ports:
    - name: http
      appProtocol: http
      targetPort: http
      port: 8000

  topologyKeys:
    - "kubernetes.io/hostname"
    - "topology.kubernetes.io/zone"
    - "topology.kubernetes.io/region"
    - "*"

DestinationRule:

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: cara
spec:
  host: cara.default.svc.cluster.local
  trafficPolicy:
    connectionPool:
      http:
        http1MaxPendingRequests: 1

    outlierDetection:
      consecutive5xxErrors: 2
      baseEjectionTime: 5s

If the request comes to test-hw1 node it still sometimes gets routed to test-hw2 node without any reason.

-- Jonas
istio
kubernetes

Similar Questions

Securing Kubernetes API on Azure only accessible by Local IP (RFC1918)
How does Kubernetes NodePort networking work on multi node cluster?
Where exactly does the load balancer logic run on?
Visual studio docker container capable of seeing kubernetes pods outside?
Unable to configure the Kubernetes Dashboard in GCP using Compute Engine

1 Answer

12/28/2020

Turns out that the issue was in the NodePort service that was accepting traffic from outside. Services by default are load-balancing traffic across the pods, so sometimes connections were routed to the other region istio-ingressgateway pod. Simply adding externalTrafficPolicy: Local to the service that is accepting traffic from outside on NodePort solved this issue.

-- Jonas
Source: StackOverflow