I am trying to set up a simple proof of concept for istio for our buisness. I have two microservices, one of which should call the other. The first service (recxnise) uses a rest template to call endpoints on the second service (notification-service). recxnise calls endpoints like http://notification-service:8090/emails/feedback but always gets a 503 and nothing ever appears in the istio-proxy logs.
my configuration yaml will appear in a comment on this post as ‘new users can only have 2 links in a post’
any help or advice would be greatly appreciated.
apiVersion: v1
kind: Service
metadata:
name: notification-service
labels:
app: notification-service
service: notification-service
spec:
ports:
- port: 8090
name: http
selector:
app: notification-service
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: notification-service-v1
labels:
app: notification-service
version: v1
spec:
replicas: 1
template:
metadata:
labels:
app: notification-service
version: v1
spec:
containers:
- name: notification-service
image:
imagePullPolicy: Always
env:
- name: MAIL_HOST
value:
- name: MAIL_USERNAME
value:
- name: MAIL_PASSWORD
value:
- name: MAIL_FROM_ADDRESS
value:
- name: MAIL_FEEDBACK_ADMIN
value:
- name: MAIL_FAILURE_ADDRESS
value:
- name: AWS_ACCESS_KEY_ID
value:
- name: AWS_SECRET_ACCESS_KEY
value:
- name: AWS_BUCKET_NAME
value:
- name: AWS_REGION
value:
- name: TEMPLATE_PATH
value:
ports:
- containerPort: 8090
apiVersion: v1
kind: Service
metadata:
name: recxnise
labels:
app: recxnise
service: recxnise
spec:
ports:
- port: 8737
name: tcp
selector:
app: recxnise
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: recxnise-v1
labels:
app: recxnise
version: v1
spec:
replicas: 1
template:
metadata:
labels:
app: recxnise
version: v1
spec:
containers:
- name: recxnise
image:
imagePullPolicy: Always
env:
- name: DB_TYPE
value: postgreSQL
- name: POSTGRES_URL
value:
- name: POSTGRES_USER
value:
- name: POSTGRES_PASSWORD
value:
- name: POSTGRES_DATABASE
value:
- name: TOKEN_EXP_MS
value:
- name: HMAC_SECRET
value:
- name: EMAIL_URL
value:
- name: expiry
value: 86400
ports:
- containerPort: 8737
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: notification-service-route
spec:
hosts:
- notification-service
http:
- route:
- destination:
host: notification-service
port:
number: 8090
subset: v1
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: notification-service-destination
spec:
host: notification-service.istio-development.svc.cluster.local
subsets:
- name: v1
labels:
version: v1
Did you install Istio with Istio-Auth? If so, perhaps you need to add mTLS to DestinationRule as is explained here:
https://bani.com.br/2018/08/istio-mtls-debugging-a-503-error/