Hi, I am learning Istion and I need help with a test/toi example I am working on. My goal is to reach a pod in k8s running nginx, to prove this I hope to be able to see the nginx welcome page. I also want to use istio routing because I want to use an external IP to access the pod.
This is the service
$ kubectl -n istio-system get svc ...
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway-can LoadBalancer 10.23.105.173 148.187.106.66 80:30017/TCP,443:32269/TCP 164d
And
kubectl -n istio-system describe svc istio-ingressgateway-can
Name: istio-ingressgateway-can
Namespace: istio-system
Labels: app=istio-ingressgateway-customer-user
app.kubernetes.io/managed-by=Helm
istio=ingressgateway-customer-user
peerauthentication=ingressgateway
release=cray-istio
Annotations: external-dns.alpha.kubernetes.io/hostname: api.can.alps.cscs.ch,auth.can.alps.cscs.ch
meta.helm.sh/release-name: cray-istio
meta.helm.sh/release-namespace: istio-system
metallb.universe.tf/address-pool: customer-access
Selector: app=istio-ingressgateway-customer-user,istio=ingressgateway-customer-user
Type: LoadBalancer
IP Families: <none>
IP: 10.23.105.173
IPs: 10.23.105.173
LoadBalancer Ingress: 148.187.106.66
Port: http2 80/TCP
TargetPort: 80/TCP
NodePort: http2 30017/TCP
Endpoints: 10.38.128.107:80,10.38.128.74:80,10.40.128.34:80
Port: https 443/TCP
TargetPort: 443/TCP
NodePort: https 32269/TCP
Endpoints: 10.38.128.107:443,10.38.128.74:443,10.40.128.34:443
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
This is the gateway
kubectl -n services describe gateway customer-user-gateway
Name: customer-user-gateway
Namespace: services
Labels: app=istio-ingressgateway
app.kubernetes.io/managed-by=Helm
gateway=customer-user-gateway
Annotations: meta.helm.sh/release-name: cray-istio
meta.helm.sh/release-namespace: istio-system
API Version: networking.istio.io/v1beta1
Kind: Gateway
Metadata:
Creation Timestamp: 2022-07-25T10:48:39Z
Generation: 1
Managed Fields:
API Version: networking.istio.io/v1beta1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:meta.helm.sh/release-name:
f:meta.helm.sh/release-namespace:
f:labels:
.:
f:app:
f:app.kubernetes.io/managed-by:
f:gateway:
f:spec:
.:
f:selector:
.:
f:istio:
f:servers:
Manager: Go-http-client
Operation: Update
Time: 2022-07-25T10:48:39Z
Resource Version: 61044921
UID: 088ecd01-e38f-408f-bfaa-297546be6705
Spec:
Selector:
Istio: ingressgateway-customer-user
Servers:
Hosts:
*
Port:
Name: http
Number: 80
Protocol: HTTP
Hosts:
*
Port:
Name: https-443
Number: 443
Protocol: HTTPS
Tls:
Credential Name: ingress-gateway-cert
Mode: SIMPLE
Events:
And these are the nginx deployment with the service and virtual service
$ kubectl -n nginx-proxy apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-test
labels:
app: nginx-test
namespace: nginx-proxy
spec:
replicas: 1
strategy:
type: Recreate
rollingUpdate: null
selector:
matchLabels:
app: nginx-test
template:
metadata:
labels:
app: nginx-test
spec:
containers:
- name: nginx-test
image: cache/nginx:1.18.0
ports:
- containerPort: 80
- containerPort: 443
EOF
$ kubectl apply -f - <<EOF
apiVersion: v1
kind: Service
metadata:
name: nginx-test
namespace: nginx-proxy
spec:
selector:
app: nginx-test
ports:
- port: 80
protocol: TCP
EOF
$ kubectl -n nginx-proxy apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx-test
spec:
hosts:
- "*"
gateways:
- customer-user-gateway
http:
- match:
- headers:
User-Agent:
prefix: nginx
route:
- destination:
host: nginx-test.nginx-proxy
port:
number: 80
EOF
I can reach the nginx welcome page using the pod IP
curl http://10.42.128.67
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
But I am unsuccessful using the external IP and the matching header, using the nodePort gets stuck
curl -I -H 'User-Agent: nginx-test' -vvvv http://148.187.106.66:30017
* Trying 148.187.106.66:30017...
* TCP_NODELAY set
* Connected to 148.187.106.66 (148.187.106.66) port 30017 (#0)
> HEAD / HTTP/1.1
> Host: 148.187.106.66:30017
> Accept: */*
> User-Agent: nginx-test
>
Using port 80 gives an 404 Not Found error
curl -I -H 'User-Agent: nginx-test' -vvvv http://148.187.106.66
* Trying 148.187.106.66:80...
* TCP_NODELAY set
* Connected to 148.187.106.66 (148.187.106.66) port 80 (#0)
> HEAD / HTTP/1.1
> Host: 148.187.106.66
> Accept: */*
> User-Agent: nginx-test
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
HTTP/1.1 404 Not Found
< date: Sat, 12 Nov 2022 18:56:42 GMT
date: Sat, 12 Nov 2022 18:56:42 GMT
< server: istio-envoy
server: istio-envoy
< transfer-encoding: chunked
transfer-encoding: chunked
<
* Connection #0 to host 148.187.106.66 left intact
Could someone please help me understand what am I doing wrong?