IstIO出口网关给出HTTP 503错误

时间:2019-12-04 11:01:58

标签: kubernetes istio

我具有以下清单,用于部署IstIO出口网关路由:

---
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: REDACTED-egress-se
spec:
  hosts:
  - sahfpxa.REDACTED
  ports:
  - number: 8080
    name: http-port
    protocol: HTTP
  resolution: DNS
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: sahfpxa-REDACTED-egress-gw
spec:
  selector:
    istio: egressgateway
  servers:
  - port:
      number: 8080
      name: http
      protocol: HTTP
    hosts:
    - sahfpxa.REDACTED
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: egressgateway-for-sahfpxa-REDACTED
spec:
  host: istio-egressgateway.istio-system.svc.cluster.local
  subsets:
  - name: sahfpxa
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: direct-sahfpxa-REDACTED-through-egress-gateway
spec:
  hosts:
  - sahfpxa.REDACTED
  gateways:
  - REDACTED/REDACTED-egress-gw
  - mesh
  http:
  - match:
    - gateways:
      - mesh
      port: 8080
    route:
    - destination:
        host: istio-egressgateway.istio-system.svc.cluster.local
        subset: sahfpxa
        port:
          number: 80
      weight: 100
  - match:
    - gateways:
      - REDACTED/sahfpxa-REDACTED-egress-gw
      port: 8080
    route:
    - destination:
        host: sahfpxa.REDACTED
        port:
          number: 8080
      weight: 100

但是我从受影响名称空间的sidecar istio-proxy容器Pod拒绝了连接,并从该名称空间的工作负载容器中收到HTTP 503错误。

有什么想法可能会导致配置出错或如何调试?

谢谢。

最好的问候, rforberger

1 个答案:

答案 0 :(得分:1)

您的部署清单中几乎没有错误,例如NA NA 20并未指向您的DestinationRule

您可以尝试将您的清单文件与这些文件匹配:

ServiceEntry
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: etth
spec:
  hosts:
  - etth.pl
  ports:
  - number: 8080
    name: http-port
    protocol: HTTP
  resolution: DNS

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-egressgateway
spec:
  selector:
    istio: egressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - etth.pl
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: egressgateway-for-cnn
spec:
  host: istio-egressgateway.istio-system.svc.cluster.local
  subsets:
  - name: etth

您可以检查以下路线是否存在: apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: direct-cnn-through-egress-gateway spec: hosts: - etth.pl gateways: - istio-egressgateway - mesh http: - match: - gateways: - mesh port: 80 route: - destination: host: istio-egressgateway.istio-system.svc.cluster.local subset: etth port: number: 80 weight: 100 - match: - gateways: - istio-egressgateway port: 80 route: - destination: host: etth.pl port: number: 8080 weight: 100 

istioctl pc routes $(kubectl get pods -l istio=egressgateway -o jsonpath='{.items[0].metadata.name}' -n istio-system).istio-system -o json
相关问题
最新问题