使用istio-ingress的publicIP进行的访问服务给出503服务不可用错误

时间:2019-11-07 10:09:50

标签: istio azure-kubernetes

当我使用端口转发并将get请求发送到localhost时,我的服务运行良好,但是将get请求发送到publicDomain则显示503错误消息。 这是我的配置文件:

apiVersion: v1
kind: Service
metadata:
   name: my-app
   namespace: default
spec:
  ports:
   - port: 8080
     targetPort: 8080
     protocol: TCP
     name: http
   - port: 9000
     targetPort: 9000
     protocol: TCP
     name: http1
   - port: 9001
     targetPort: 9001
     protocol: TCP
     name: http2
   selector:
     app: my-app

部署配置:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-app
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
       app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - image: myrepo.azurecr.io/my-app:12
          name: my-app
          ports:
            - containerPort: 8080
              protocol: TCP
            - containerPort: 8000
              protocol: TCP
            - containerPort: 9000
              protocol: TCP
            - containerPort: 9001
              protocol: TCP

VirtualService配置:

 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
   name: my-app
   namespace: default
 spec:
   hosts:
     - "app.mydomain.com"
   gateways:
     - mygateway.istio-system.svc.cluster.local
   http:
     - match:
       - uri:
         prefix: /myprefix
       route:
        - destination:
           host: my-app
           port:
             number: 9001
     - match:
       - uri:
         prefix: /
       route:
        - destination:
          host: my-app
          port:
            number: 9000
     corsPolicy:
       allowOrigin:
       - "https://test1.domain.com"
       - "https://test2.domain.com"
       allowMethods:
       - POST
       - PATCH
       allowCredentials: false
       allowHeaders:
       - X-Tenant-Identifier
       - Content-Type
       maxAge: "24h"

网关配置:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
      - "*.mydomain.com"
    #tls:
    #httpsRedirect: true
    - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
      - "*.mydomain.com"
    tls:
     mode: SIMPLE
     serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
     privateKey: /etc/istio/ingressgateway-certs/tls.key

以下是更多信息:

$ kubectl get ep my-app
NAME              ENDPOINTS                                               AGE
my-app   10.244.1.169:9000,10.244.1.169:9001,10.244.1.169:8080   26h

如果我转发端口:

 $ kubectl port-forward my-app-podid 6001:9001

,然后使用邮递员将Get请求发送到localhost:6001 / myprefix,它工作正常并返回200 OK响应,但是,如果将Get请求发送到publicdomain app.mydomain.com/myprefix,我也会使用curl收到503错误:

kubectl exec -n istio-system istio-ingressgateway-podid -- curl -v http://my-app.default.svc.cluster.local:9001/myprefix

已连接到my-app.default.svc.cluster.local(10.0.71.212)端口9001(#0)

  

GET / myprefix HTTP / 1.1   主机:my-app.default.svc.cluster.local:9001   用户代理:curl / 7.47.0   接受: /

     

上游连接错误或在标头之前断开连接/重置。重置原因:连接终止

Ingress网关的日志提供的信息不只是503错误消息。 有人知道缺少什么吗?

1 个答案:

答案 0 :(得分:1)

问题在于在“服务”下设置了错误的端口名称。 因此正确的Service.yaml文件如下所示:

 apiVersion: v1
 kind: Service
 metadata:
   name: my-app
   namespace: default
 spec:
   ports:
    - port: 8080
    targetPort: 8080
    protocol: TCP
    name: http-debug
    - port: 9000
    targetPort: 9000
    protocol: TCP
    name: http-app
    - port: 9001
    targetPort: 9001
    protocol: TCP
    name: http-monitoring
  selector:
   app: my-app

https://istio.io/docs/setup/additional-setup/requirements/