Ingress: Connection refused on NodePort and HTTP 503 on service port

Hi all,

I have a problem with my istio installation. I deployed a Gateway and a VirtualService manifest and enabled istio-injection in the namespace of my application, but I get connection refused when I want to access my istio-ingressgateway via NodePort.

Also I get an HTTP 503 Service Unavailable when I port-forward to the istio-ingressgateway pod on my service port (13451).

My iptables firewall on the master node is not blocking the traffic.

Here is my GW definition:

---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: hello-istio-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway  # use Istio default gateway implementation
  servers:
    - port:
        number: 13451
        name: http
        protocol: HTTP
      hosts:
        - "hello-istio.domain"
---

Here is my VS definition:

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: hello-istio-vs
  namespace: istio-system
spec:
  hosts:
    - "hello-istio.domain"
  gateways:
    - hello-istio-gateway.istio-system.svc.cluster.local
  http:
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            port:
              number: 13451
            host: hello-istio.hello-istio.svc.cluster.local
---

My istio control plane version is 1.3.3.

Any ideas what could be wrong?

Best regards,
rforberger

The HTTP 503 has resolved on the service port.

But I still have the problem with the connection refused on the NodePort.

The NodePort works now too. I had to define port 80 instead of any random port in the Gateway definition. I didn’t dare to do this, since I didn’t want to route any other traffic via the istio-ingressgateway already.
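
One way to check for the mismatch described in the last post, as an added example that is not part of the original thread: a NodePort only forwards to the Service's targetPort, so a Gateway server port that no Service port targets has nothing listening behind the NodePort. The Service ports and nodePort values below are constructed sample data (shaped like `kubectl get -o json` output), and the function names are hypothetical.

```python
# Added example: constructed inputs shaped like `kubectl get ... -o json` output.
GATEWAY = {  # the Gateway from the first post, expressed as JSON
    "metadata": {"name": "hello-istio-gateway", "namespace": "istio-system"},
    "spec": {
        "selector": {"istio": "ingressgateway"},
        "servers": [{"port": {"number": 13451, "name": "http", "protocol": "HTTP"},
                     "hosts": ["hello-istio.domain"]}],
    },
}

SERVICE = {  # constructed ingress gateway Service; port values are sample data
    "metadata": {"name": "istio-ingressgateway", "namespace": "istio-system"},
    "spec": {
        "type": "NodePort",
        "ports": [
            {"name": "http2", "port": 80, "targetPort": 80, "nodePort": 31380},
            {"name": "https", "port": 443, "targetPort": 443, "nodePort": 31390},
        ],
    },
}


def node_ports_by_listener(service):
    """Map each pod-side port (targetPort) to the nodePort that forwards to it."""
    mapping = {}
    for p in service["spec"].get("ports", []):
        target = p.get("targetPort", p["port"])  # targetPort defaults to port
        # Named (string) targetPorts need the pod spec to resolve; skipped here.
        if isinstance(target, int) and "nodePort" in p:
            mapping[target] = p["nodePort"]
    return mapping


def check_gateway(gateway, service):
    """Return (reachable, unreachable) for the Gateway's server ports.

    reachable maps a Gateway port to the nodePort that reaches it;
    unreachable lists Gateway ports that no Service port forwards to.
    """
    listeners = node_ports_by_listener(service)
    ports = [s["port"]["number"] for s in gateway["spec"]["servers"]]
    reachable = {n: listeners[n] for n in ports if n in listeners}
    unreachable = [n for n in ports if n not in listeners]
    return reachable, unreachable


if __name__ == "__main__":
    print(check_gateway(GATEWAY, SERVICE))  # Gateway as posted, port 13451
```
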