istio - using vs service and gw instead loadbalancer not working

Question

I’ve the following application which Im able to run in K8S successfully which using service with type load balancer, very simple app with two routes

1. / - you should see 'hello application`
2. /api/books should provide list of book in json format

This is the service

apiVersion: v1
kind: Service
metadata:
  name: go-ms
  labels:
    app: go-ms
    tier: service
spec:
  type: LoadBalancer
  ports:
    - port: 8080
  selector:
    app: go-ms

This is the deployment

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: go-ms
  labels:
    app: go-ms

spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: go-ms
        tier: service

    spec:
      containers:
        - name: go-ms
          image: rayndockder/http:0.0.2
          ports:
            - containerPort: 8080
          env:
            - name: PORT
              value: "8080"
          resources:
            requests:
              memory: "64Mi"
              cpu: "125m"
            limits:
              memory: "128Mi"
              cpu: "250m"

after applied the both yamls and when calling the URL:

http://b0751-1302075110.eu-central-1.elb.amazonaws.com/api/books

I was able to see the data in the browser as expected and also for the root app using just the external ip

Now I want to use istio, so I follow the guide and install it successfully via helm using https://istio.io/docs/setup/kubernetes/install/helm/ and verify that all the 53 crd are there and also istio-system components (such as istio-ingressgateway istio-pilot etc all 8 deployments are in up and running)

I’ve change the service above from LoadBalancer to NodePort

and create the following istio config according to the istio docs

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: http-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 8080
        name: http
        protocol: HTTP
      hosts:
        - "*"
---

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: virtualservice
spec:
  hosts:
    - "*"
  gateways:
    - http-gateway
  http:
  - match:
      - uri:
          prefix: "/"
      - uri:
          exact: "/api/books"
    route:
      - destination:
          port:
            number: 8080
          host: go-ms

in addition I’ve added the following

kubectl label namespace books istio-injection=enabled where the application is deployed,

Now to get the external Ip i've used command

kubectl get svc -n istio-system -l istio=ingressgateway

and get this in the external-ip

b0751-1302075110.eu-central-1.elb.amazonaws.com when trying to access to the URL

http://b0751-1302075110.eu-central-1.elb.amazonaws.com/api/books

I got error:

This site can’t be reached

ERR_CONNECTION_TIMED_OUT

if I run the docker rayndockder/http:0.0.2 via docker run -it -p 8080:8080 httpv2

I path's works correctly!

Any idea/hint What could be the issue ?

Is there a way to trace the istio configs to see whether if something is missing or we have some collusion with port or network policy maybe ?

btw, the deployment and service can run on each cluster for testing of someone could help...

if I change all to port to 80 (in all yaml files and the application and the docker ) I was able to get the data for the root path, but not for "api/books"

Answer 1

I tired your config with the modification of gateway port to 80 from 8080 in my local minikube setup of kubernetes and istio. This is the command I used:

kubectl apply -f - <<EOF
apiVersion: v1
kind: Service
metadata:
  name: go-ms
  labels:
    app: go-ms
    tier: service
spec:
  ports:
    - port: 8080
  selector:
    app: go-ms
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: go-ms
  labels:
    app: go-ms

spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: go-ms
        tier: service

    spec:
      containers:
        - name: go-ms
          image: rayndockder/http:0.0.2
          ports:
            - containerPort: 8080
          env:
            - name: PORT
              value: "8080"
          resources:
            requests:
              memory: "64Mi"
              cpu: "125m"
            limits:
              memory: "128Mi"
              cpu: "250m"
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: http-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: go-ms-virtualservice
spec:
  hosts:
     - "*"
  gateways:
    - http-gateway
  http:
  - match:
      - uri:
          prefix: /
      - uri:
          exact: /api/books
    route:
      - destination:
          port:
            number: 8080
          host: go-ms
EOF

The reason that I changed the gateway port to 80 is that, the istio ingress gateway by default opens up a few ports such as 80, 443 and few others. In my case, as minikube doesn't have an external load balancer, I used node ports which is 31380 in my case.

I was able to access the app with url of http://$(minikube ip):31380.

There is no point in changing the port of services, deployments since these are application specific.

May be this question specifies the ports opened by istio ingress gateway.