istio: istio 0.8 ingress doesn't have listen port

I have a bare-metal installation of kubernetes + istio 0.8 Also I have a NodePort service to Istio Ingress deployment

istio-system     istio-ingress-nodeport     NodePort       10.233.37.227   <none>        80:32664/TCP

Name:                     istio-ingress-nodeport
Namespace:                istio-system
Labels:                   app=ingress
                          chart=ingress-0.8.0
                          heritage=Tiller
                          istio=ingress
                          release=istio
Annotations:              <none>
Selector:                 istio=ingress
Type:                     NodePort
IP:                       10.233.37.227
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  32664/TCP
Endpoints:                10.233.102.154:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

Istio Ingress deployment exposes port 80

ame:                   istio-ingress
Namespace:              istio-system
CreationTimestamp:      Sat, 19 May 2018 20:44:15 +0300
Labels:                 app=ingress
                        chart=ingress-0.8.0
                        heritage=Tiller
                        istio=ingress
                        release=istio
Annotations:            deployment.kubernetes.io/revision=1
Selector:               istio=ingress
Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  1 max unavailable, 1 max surge
Pod Template:
  Labels:           istio=ingress
  Annotations:      sidecar.istio.io/inject=false
  Service Account:  istio-ingress-service-account
  Containers:
   ingress:
    Image:       docker.io/istionightly/proxyv2:nightly-release-0.8
    Ports:       80/TCP, 443/TCP

but if I go to istio ingress pod I won’t see any 80 port has beed exposed

$ kubectl exec -it istio-ingress-6c6b94f8f6-56jgp -n istio-system /bin/bash
root@istio-ingress-6c6b94f8f6-56jgp:/# netstat -nap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:15000         0.0.0.0:*               LISTEN      -
tcp        0      0 10.233.102.154:47322    10.233.30.168:15010     ESTABLISHED -
udp        0      0 10.233.102.154:52451    10.233.7.196:9125       ESTABLISHED -
udp        0      0 10.233.102.154:54821    10.233.7.196:9125       ESTABLISHED -
udp        0      0 10.233.102.154:56897    10.233.7.196:9125       ESTABLISHED -
udp        0      0 10.233.102.154:43760    10.233.0.3:53           ESTABLISHED -
udp        0      0 10.233.102.154:44816    10.233.7.196:9125       ESTABLISHED -
udp        0      0 10.233.102.154:33600    10.233.7.196:9125       ESTABLISHED -
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ]         DGRAM                    146911   -                   @envoy_domain_socket_0
root@istio-ingress-6c6b94f8f6-56jgp:/#

Why can it be? How can I solve that? I suppose it’s the reason I can’t connect to service from outside the cluster

curl -v http://10.21.3.184:32664/health-check
*   Trying 10.21.3.184...
* TCP_NODELAY set
* Connection failed
* connect to 10.21.3.184 port 32664 failed: Connection refused
* Failed to connect to 10.21.3.184 port 32664: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 10.21.3.184 port 32664: Connection refused

and from inside the cluster

root@istio-pilot-79fbf89bf7-l7pfg:/# curl -v http://10.233.102.154/
*   Trying 10.233.102.154...
* connect to 10.233.102.154 port 80 failed: Connection refused
* Failed to connect to 10.233.102.154 port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 10.233.102.154 port 80: Connection refused
root@istio-pilot-79fbf89bf7-l7pfg:/# curl -v http://10.233.102.154/

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Reactions: 2
  • Comments: 35 (20 by maintainers)

Most upvoted comments

Same problem in release 0.8.0 LTS.

Istio status

version

[root@master1 istio-0.8.0]# istioctl version
Version: 0.8.0
GitRevision: 6f9f420f0c7119ff4fa6a1966a6f6d89b1b4db84
User: root@48d5ddfd72da
Hub: docker.io/istio
GolangVersion: go1.10.1
BuildStatus: Clean

services

[root@master1 istio-0.8.0]# kubectl get svc -n istio-system
NAME                       TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)                                                               AGE
grafana                    ClusterIP      10.233.43.109   <none>         3000/TCP                                                              3d
istio-citadel              ClusterIP      10.233.30.144   <none>         8060/TCP,9093/TCP                                                     3d
istio-egressgateway        ClusterIP      10.233.18.11    <none>         80/TCP,443/TCP                                                        3d
istio-ingressgateway       LoadBalancer   10.233.52.231   10.110.22.77   80:31380/TCP,443:31390/TCP,31400:31400/TCP                            3d
istio-pilot                ClusterIP      10.233.50.41    <none>         15003/TCP,15005/TCP,15007/TCP,15010/TCP,15011/TCP,8080/TCP,9093/TCP   3d
istio-policy               ClusterIP      10.233.50.166   <none>         9091/TCP,15004/TCP,9093/TCP                                           3d
istio-sidecar-injector     ClusterIP      10.233.24.113   <none>         443/TCP                                                               3d
istio-statsd-prom-bridge   ClusterIP      10.233.20.175   <none>         9102/TCP,9125/UDP                                                     3d
istio-telemetry            ClusterIP      10.233.13.10    <none>         9091/TCP,15004/TCP,9093/TCP,42422/TCP                                 3d
prometheus                 ClusterIP      10.233.19.148   <none>         9090/TCP                                                              3d
servicegraph               ClusterIP      10.233.56.71    <none>         8088/TCP                                                              3d
tracing                    LoadBalancer   10.233.40.167   <pending>      80:32052/TCP                                                          3d
zipkin                     ClusterIP      10.233.7.250    <none>         9411/TCP                                                              3d

pods

[root@master1 istio-0.8.0]# kubectl get po -n istio-system
NAME                                       READY     STATUS    RESTARTS   AGE
grafana-687757fb57-q78cn                   1/1       Running   0          3d
istio-citadel-7888b9b4b8-f5nwl             1/1       Running   0          3d
istio-egressgateway-848c4f9d44-8gkxb       1/1       Running   0          3d
istio-ingressgateway-5c67fd94b4-hdr4w      1/1       Running   0          3d
istio-pilot-b79d88b85-ld9vr                2/2       Running   0          3d
istio-policy-5c4f7bb8df-p62lq              2/2       Running   0          3d
istio-sidecar-injector-fc684b97c-btp9j     1/1       Running   0          3d
istio-statsd-prom-bridge-f79f9cf76-796mb   1/1       Running   0          3d
istio-telemetry-664ddfddf7-xvptg           2/2       Running   0          3d
istio-tracing-7f69879dfb-gfrxr             1/1       Running   0          3d
prometheus-67bb94bd9b-n76xn                1/1       Running   0          3d
servicegraph-7fcc4c6759-rh2x4              1/1       Running   0          3d

– The AGE is 3d, because i modified the system’s time –

Bookinfo Sample Application test

I deployed bookinfo app followed by Bookinfo Sample Application

Deploy

I created servcies and pods using samples/bookinfo/kube/bookinfo.yaml

services:

[root@master1 istio-0.8.0]# kubectl get svc -n istio-test
NAME          TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
details       ClusterIP   10.233.5.133    <none>        9080/TCP   5h
httpbin       ClusterIP   10.233.6.149    <none>        8000/TCP   2h
productpage   ClusterIP   10.233.33.120   <none>        9080/TCP   5h
ratings       ClusterIP   10.233.30.33    <none>        9080/TCP   5h
reviews       ClusterIP   10.233.27.142   <none>        9080/TCP   5h

pods:

[root@master1 istio-0.8.0]# kubectl get po -n istio-test
NAME                             READY     STATUS    RESTARTS   AGE
details-v1-6897886bd8-dkc7g      2/2       Running   0          5h
httpbin-fcd9d65d9-28g5s          2/2       Running   0          2h
productpage-v1-d56854d6b-952ll   2/2       Running   0          5h
ratings-v1-85f78fbb48-dxl9l      2/2       Running   0          5h
reviews-v1-598969dc45-rshdw      2/2       Running   0          5h
reviews-v2-644946f5d5-trjmd      2/2       Running   0          5h
reviews-v3-7457db9cc7-576sg      2/2       Running   0          5h

Create ingress

I created ingress using to command on top of the page:

kubectl apply -f samples/bookinfo/kube/bookinfo-gateway.yaml

bookinfo-gateway.yaml’s content:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gateway
  annotations:
    kubernetes.io/ingress.class: "istio"
spec:
  rules:
  - http:
      paths:
      - path: /productpage
        backend:
          serviceName: productpage
          servicePort: 9080
      - path: /login
        backend:
          serviceName: productpage
          servicePort: 9080
      - path: /logout
        backend:
          serviceName: productpage
          servicePort: 9080
      - path: /api/v1/products.*
        backend:
          serviceName: productpage
          servicePort: 9080

ingress

[root@master1 istio-0.8.0]# kubectl get ing -n istio-test
NAME      HOSTS              ADDRESS   PORTS     AGE
gateway   *             80        6h

Confirm

Then confirm that the Bookinfo application is running:

curl

[root@master1 istio-0.8.0]# curl -o /dev/null -s -w "%{http_code}\n" http://10.110.22.77/productpage
000

telnet

[root@icp-71 ~]# telnet 10.110.22.77 80
Trying 10.110.22.77...
telnet: connect to address 10.110.22.77: Connection refused

Status of istio-ingressgateway pod

root@istio-ingressgateway-5c67fd94b4-hdr4w:/# netstat -anlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:15000         0.0.0.0:*               LISTEN      27/envoy        
tcp        0      0 10.233.76.238:56930     10.233.76.119:9091      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:33508     10.233.72.62:8000       ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:44048     10.233.116.54:9091      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:45182     10.233.76.119:9091      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:37310     10.233.7.250:9411       ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:57570     10.233.76.119:9091      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:60984     10.233.72.62:8000       ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:36698     10.233.116.54:9091      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:44664     10.233.7.250:9411       ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:37338     10.233.116.54:9091      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:53802     10.233.7.250:9411       ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:36048     10.233.76.119:9091      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:37956     10.233.7.250:9411       ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:55924     10.233.50.41:15010      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:53182     10.233.116.54:9091      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:48566     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:40739     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:57260     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:58041     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:34077     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:43000     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:52921     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:46321     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:39051     10.233.20.175:9125      ESTABLISHED 27/envoy        
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ]         DGRAM                    1113953  27/envoy            @envoy_domain_socket_0

Then I created an istio gateway, 80 port opened:

Create a gateway

Follow by Configuring a gateway for HTTP

cat <<EOF | istioctl create -n istio-test -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "httpbin.example.com"
EOF

Check ports in istio-ingressgateway pod

root@istio-ingressgateway-5c67fd94b4-hdr4w:/# netstat -anlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      27/envoy        
tcp        0      0 127.0.0.1:15000         0.0.0.0:*               LISTEN      27/envoy        
tcp        0      0 10.233.76.238:56930     10.233.76.119:9091      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:33508     10.233.72.62:8000       ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:44048     10.233.116.54:9091      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:45182     10.233.76.119:9091      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:37310     10.233.7.250:9411       ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:57570     10.233.76.119:9091      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:60984     10.233.72.62:8000       ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:36698     10.233.116.54:9091      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:44664     10.233.7.250:9411       ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:37338     10.233.116.54:9091      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:53802     10.233.7.250:9411       ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:36048     10.233.76.119:9091      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:37956     10.233.7.250:9411       ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:55924     10.233.50.41:15010      ESTABLISHED 27/envoy        
tcp        0      0 10.233.76.238:53182     10.233.116.54:9091      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:48566     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:40739     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:57260     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:58041     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:34077     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:43000     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:52921     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:46321     10.233.20.175:9125      ESTABLISHED 27/envoy        
udp        0      0 10.233.76.238:39051     10.233.20.175:9125      ESTABLISHED 27/envoy        
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ]         DGRAM                    1113953  27/envoy            @envoy_domain_socket_0

Is gateway mandatory in 0.8.0 ?

+3
cwocwo on Jun 2, 2018
Read more comments on GitHub
← istio: isito-validation initContainer report error when istio-cni is not installed correctly
istio: Istio 1.1.1 breaks routing →