How to inject istio proxy on to deployed GKE application and expose it with ingress gateway

#1

Hello Everyone

am new to Istio
Trying to inject istio proxy to a deployed GKE application and expose it through ingress gateway

1.installed istio on GKE
2.deployed nodejs application (responder is a simple node express js application running on port 7001 and returning hello world string on a get call) on GKE
3.tried deploying attached yaml and gateway yamls to inject proxy and expose it through ingress gateway
4.when trying to access it through external ip of istio ingress-gateway, getting 404 not found
curl -I http://{GATEWAY_URL}/hw
HTTP/1.1 404 Not Found
x-powered-by: Express
content-security-policy: default-src ‘self’
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
content-length: 142
date: Tue, 23 Apr 2019 13:17:58 GMT
x-envoy-upstream-service-time: 43
server: envoy

Where as able to deploy bookinfo from istio samples and access it external ip of istio ingress-gateway
kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml)
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
kubectl get svc istio-ingressgateway -n istio-system
export GATEWAY_URL=
curl -I http://${GATEWAY_URL}/productpage

Any quick help on this appreciated

#2

Hello @rani

I am testing on 1.1.3 and not on GKE, so there may be some difference in our behaviors.

I took the httpbin example (https://istio.io/docs/tasks/traffic-management/ingress/), and tried changing it to use your match containing an exact: and a prefix: (it has two prefix: by default) as I wanted to verify that there wasn’t an issue with having both. That did work for me.

Looking at the VirtualService:

k get virtualservices.networking.istio.io httpbin -o yaml                                                                                  
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"networking.istio.io/v1alpha3","kind":"VirtualService","metadata":{"annotations":{},"name":"httpbin","namespace":"default"},"spec":{"gateways":["httpbin-gateway"],"hosts":["httpbin.example.com"],"http":[{"match":[{"uri":{"exact":"/status/200"}},{"uri":{"prefix":"/delay"}}],"route":[{"destination":{"host":"httpbin","port":{"number":8000}}}]}]}}
  creationTimestamp: "2019-04-24T14:26:44Z"
  generation: 1
  name: httpbin
  namespace: default
  resourceVersion: "1950958"
  selfLink: /apis/networking.istio.io/v1alpha3/namespaces/default/virtualservices/httpbin
  uid: fc3bf522-669c-11e9-856a-faddfeab4c9f
spec:
  gateways:
  - httpbin-gateway
  hosts:
  - httpbin.example.com
  http:
  - match:
    - uri:
        exact: /status/200
    - uri:
        prefix: /delay
    route:
    - destination:
        host: httpbin
        port:
          number: 8000

and

curl -I -HHost:httpbin.example.com http://$INGRESS_HOST:$INGRESS_PORT/status/201                                                 
HTTP/1.1 404 Not Found
date: Wed, 24 Apr 2019 14:26:59 GMT
server: istio-envoy
transfer-encoding: chunked

curl -I -HHost:httpbin.example.com http://$INGRESS_HOST:$INGRESS_PORT/status/200
HTTP/1.1 200 OK
server: istio-envoy
date: Wed, 24 Apr 2019 14:27:06 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 0
x-envoy-upstream-service-time: 2

I think I’ve verified that things should work. Do you have any logging in responder? Does a curl /api/v1/responder/… work?

#3

Hi Eric

your httpbin gateway yaml seems to be different from my responder-gateway.yaml
responder-gateway yaml is a copy of helloworld-gateway.yaml with change of gateway names, uri, ports,etc.
i changed from exact to prefix and below is updated responder-gateway.yaml which was applied

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: responder-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:

  • port:
    number: 7001
    name: http
    protocol: HTTP
    hosts:
    • “*”

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: responder
spec:
hosts:

  • “*”
    gateways:
  • responder-gateway
    http:
  • match:
    • uri:
      prefix: /hw
    • uri:
      prefix: /api/v1/responder
      route:
    • destination:
      host: responder
      port:
      number: 7001
      tried accessing responder application but getting 404 not found

here is my responder.js
const express = require(‘express’)
const app = express()
const port = 7001
app.get(’/’, (req, res) => res.send(‘Hello World!’))
app.listen(port, () => console.log(Example app listening on port ${port}!))

Built docker image, pushed to google cloud registry
Deployed it on to GKE by injecting proxy
kubectl apply -f <(istioctl kube-inject -f responder.yaml)
after deploying seeing responder pod in running state, not sure why not able to access it in curl or in browser

#4

Port number in the gateway config wont be 7001. It defines the port on which you will be doing curl i.e. 80 or 443(if you have setup TLS certs).

#5

Hi Sourabh

i already tried port 80 in gateway config, but no luck
i have bookinfo sample application also running which is working
can we have 2 applications exposed on gateway with same port 80?

curl -I http://{GATEWAY_URL}/hw
HTTP/1.1 404 Not Found
x-powered-by: Express
content-security-policy: default-src ‘self’
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
content-length: 142
date: Thu, 25 Apr 2019 13:49:09 GMT
x-envoy-upstream-service-time: 11
server: envoy

kubectl get gateway NAME AGE bookinfo-gateway 5d responder-gateway 45s kubectl get virtualservice
NAME AGE
bookinfo 5d
responder 52s
curl -I http://{GATEWAY_URL}/productpage
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-length: 4415
server: envoy
date: Thu, 25 Apr 2019 13:50:55 GMT
x-envoy-upstream-service-time: 45