5

I deployed a istio to k8s and it works well at first, but after one day, I can't access the app via ingress gateway. Then checked the istio svc status. It shows the external ip of the istio ingress gateway is pending.

I checked logs and events of the service, but there is nothing. What's the most possibility cause of the issue?

the external ip stay pending:

the external ip stay pending

Paolo Mossini
  • 1,064
  • 2
  • 15
  • 23
zzg
  • 61
  • 1
  • 1
  • 3
  • 1
    This could be caused by your Ingress being unable to connect to the LoadBalancer which depends on where your K8s cluster is running. If you are running in GCP or AWS you should verify there is indeed a load balancer running and it's accepting traffic. If you are running on prem your cluster would be unable to auto-provision a load balancer and you would be responsible for providing one. – davidmontoyago Mar 02 '20 at 13:49
  • @davidmontoyago , I fully agree. It appears I posted my answer almost at same time as you did Your comment. – Piotr Malec Mar 02 '20 at 14:08
  • It is running on a Linux server but not any public cloud platform. It can get external IP at first, and the external IP become pending later. – zzg Mar 06 '20 at 07:52

3 Answers3

3

This is most likely caused by using platform that does not provide an external loadbalancer to istio ingress gateway.

According to istio documentation:

If the EXTERNAL-IP value is set, your environment has an external load balancer that you can use for the ingress gateway. If the EXTERNAL-IP value is <none> (or perpetually <pending>), your environment does not provide an external load balancer for the ingress gateway. In this case, you can access the gateway using the service’s node port.

Follow these instructions if you have determined that your environment has an external load balancer.

Set the ingress IP and ports:

export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
export TCP_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="tcp")].port}')

In certain environments, the load balancer may be exposed using a host name, instead of an IP address. In this case, the ingress gateway’s EXTERNAL-IP value will not be an IP address, but rather a host name, and the above command will have failed to set the INGRESS_HOST environment variable. Use the following command to correct the INGRESS_HOST value:

export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
Piotr Malec
  • 3,429
  • 11
  • 16
  • It is deployed on a linux server, it can get the external-ip at first and the external-ip become pending later. – zzg Mar 05 '20 at 13:28
2

removing the traefik service resolved my issue on k3d on localhost (dev environment).

kubectl get svc -n kube-system

kubectl -n kube-sytem delete svc traefik

I'm not an expert! This might have some side effects or cause other issues.

Vahid
  • 1,265
  • 10
  • 20
  • 1
    This works because traefik uses the same port 443 on the host and prevents Istio to use it for the gateway. I had the same problem on k3s installation, – suleyman Jan 26 '23 at 15:34
0

If you are using KIND, then you need to install MetalLB on top of it first. Then, your istio-ingressgateway will get an external IP assigned if it is of type LoadBalancer. Hopefully, this helps.

Srinath
  • 66
  • 4