why the node in k8s cluster cant be connected?

10/16/2021

i create a cluster by kind in my local env

why the ip list by node cant connected? like bottom

NAME                 STATUS   ROLES                  AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE       KERNEL-VERSION      CONTAINER-RUNTIME
kind-control-plane   Ready    control-plane,master   22h   v1.21.1   172.18.0.2    <none>        Ubuntu 21.04   4.19.121-linuxkit   containerd://1.5.2

ping 172.18.0.2 get Request timeout

i follow doc https://istio.io/latest/docs/setup/getting-started/ and blocked in step Verify external access

"http://$GATEWAY_URL/productpage" is not a useful site for me

i meet this question so when i test istio in local,cant expose my service from pod inside

so , how can i complete the step??

-- 王小明
istio
kubernetes

1 Answer

10/16/2021

Kind runs each Kubernetes node in a separate Docker container. The IP address you see is a Docker-internal address, but that's not directly accessible (unless you're calling from outside a container, on the same host, and it's a native-Linux host).

When you create the kind cluster you need to configure it to publish ports from the node container. For this to work you need to know the port number on the node that's being published; if it's a NodePort-type service, you need to know (or probably directly specify) the nodePort: value, for example.

The Istio documentation describes looking up the ingress port but that's not too useful since you need to reinstall the cluster with that value. Istio has several installation profiles. It's very possible to customize them, including changing the Service port definitions; the Gateway definition is substantial but does allow explicitly setting the nodePort values.

So: first, pick a port, in the ordinary NodePort range (30000-32767); let's use 31380 (a number that appears in the documentation page you link to).

You need to configure kind to make that port visible:

# kindconfig.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 31380 # actually the nodePort
    hostPort: 8000       # some available port on your host (can be 80)

Create the cluster

kind create cluster --config=kindconfig.yaml

Create an Istio configuration. Note that you must copy the entire list of ports.

# istioconfig.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  components:
    ingressGateways:
      - name: istio-ingressgateway
        enabled: true
        k8s:
          service:
            ports:
            - port: 15021
              targetPort: 15021
              name: status-port
            - port: 80
              targetPort: 8080
              nodePort: 31380 # <-- add this
              name: http2
            # and copy the remaining ports from the reference config

Then, in the new kind cluster, install Istio using this setup

istioctl install --set profile=demo -f istioconfig.yaml

Once Istio fully comes up and you deploy the application, you should be able to access http://localhost:8000 from the host system, where 8000 is the kind hostPort: setting we configured (if you picked port 80 there, you can leave off the port number).

The routing here is:

  • localhost port 8000 from the host reaches a Docker port-forward;
  • Docker forwards to port 31380 in the kind-control-plane container;
  • Port 31380 is attached to a NodePort (actually LoadBalancer) istio-ingressgateway Service in the istio-system namespace;
  • That forwards to port 8080 on the actual ingress Pod(s);
  • The ingress gateway does URL-based routing to your application using normal Kubernetes and Istio intra-cluster networking.
-- David Maze
Source: StackOverflow