I am learning Istio and trying to access the nginx welcome page using istio routing when client has a specific header. I have the service below:
$ kubectl -n istio-system get svc istio-ingressgateway-can
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway-can LoadBalancer 10.23.105.173 148.187.106.66 80:30017/TCP,443:32269/TCP 164d
And
$ kubectl -n istio-system describe svc istio-ingressgateway-can
Name: istio-ingressgateway-can
Namespace: istio-system
Labels: app=istio-ingressgateway-customer-user
app.kubernetes.io/managed-by=Helm
istio=ingressgateway-customer-user
peerauthentication=ingressgateway
release=cray-istio
Annotations: external-dns.alpha.kubernetes.io/hostname: api.can.alps.cscs.ch,auth.can.alps.cscs.ch
meta.helm.sh/release-name: cray-istio
meta.helm.sh/release-namespace: istio-system
metallb.universe.tf/address-pool: customer-access
Selector: app=istio-ingressgateway-customer-user,istio=ingressgateway-customer-user
Type: LoadBalancer
IP Families: <none>
IP: 10.23.105.173
IPs: 10.23.105.173
LoadBalancer Ingress: 148.187.106.66
Port: http2 80/TCP
TargetPort: 80/TCP
NodePort: http2 30017/TCP
Endpoints: 10.38.128.107:80,10.38.128.74:80,10.40.128.34:80
Port: https 443/TCP
TargetPort: 443/TCP
NodePort: https 32269/TCP
Endpoints: 10.38.128.107:443,10.38.128.74:443,10.40.128.34:443
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
And this gateway
kubectl -n services describe gateway customer-user-gateway
Name: customer-user-gateway
Namespace: services
Labels: app=istio-ingressgateway
app.kubernetes.io/managed-by=Helm
gateway=customer-user-gateway
Annotations: meta.helm.sh/release-name: cray-istio
meta.helm.sh/release-namespace: istio-system
...
Spec:
Selector:
Istio: ingressgateway-customer-user
Servers:
Hosts:
*
Port:
Name: http
Number: 80
Protocol: HTTP
Hosts:
*
Port:
Name: https-443
Number: 443
Protocol: HTTPS
Tls:
Credential Name: ingress-gateway-cert
Mode: SIMPLE
I also have the following deployment, virtual service and service
$ kubectl -n nginx-proxy apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-test
labels:
app: nginx-test
namespace: nginx-proxy
spec:
replicas: 1
strategy:
type: Recreate
rollingUpdate: null
selector:
matchLabels:
app: nginx-test
template:
metadata:
labels:
app: nginx-test
spec:
containers:
- name: nginx-test
image: cache/nginx:1.18.0
ports:
- containerPort: 80
- containerPort: 443
EOF
$ kubectl apply -f - <<EOF
apiVersion: v1
kind: Service
metadata:
name: nginx-test
namespace: nginx-proxy
spec:
selector:
app: nginx-test
ports:
- port: 80
protocol: TCP
EOF
$ kubectl -n nginx-proxy apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginx-test
spec:
hosts:
- "*"
gateways:
- customer-user-gateway
http:
- match:
- headers:
User-Agent:
prefix: nginx
route:
- destination:
host: nginx-test.nginx-proxy
port:
number: 80
EOF
I am trying to access the nginx pod through istio-ingressgateway-can external IP. But so far I have been unsuccessful.
My issue is that the curl command gets stuck when running the command below:
curl -I -H 'User-Agent: nginx-test' -vvvv http://148.187.106.66:30017
* Trying 148.187.106.66:30017...
* TCP_NODELAY set
* Connected to 148.187.106.66 (148.187.106.66) port 30017 (#0)
> HEAD / HTTP/1.1
> Host: 148.187.106.66:30017
> Accept: */*
> User-Agent: nginx-test
>
I would like to ask for help to understand what I am doing wrong.