I have a simple Istio setup and I have a link I don’t understand in my Kiali dashboard.
Here’s the graph, the link I don’t understand is the one from my Ingress gateway (istio-ingressgateway-carbon
) to the unknown carbon.carbon.svc.cluster.local
.
As you can see from the graph, probably all the requests from the outside (~1000/s) go to the VirtualService as expected. However, I have a few requests (~1req every 10s) that goes to the unknown service (at least from Kiali’s point of view), and I have no idea where they come from.
I tried changing the frequency of the liveness and readiness probes, but the frequency of the requests to the unknown service did not change, so it’s (probably) not that.
Anybody has any idea where are those from? Or how to find the source of these requests?
I’ll dump here the relevant (shortened) manifests, please don’t hesitate to ask for more if you think they can help.
Deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
name: carbon
namespace: carbon
spec:
selector:
matchLabels:
app: carbon
type: api
template:
metadata:
labels:
app: carbon
type: api
spec:
serviceAccountName: carbon
containers:
- name: carbon
ports:
- name: http-carbon
containerPort: 8990
livenessProbe:
httpGet:
scheme: HTTP
path: /metrics
port: 8990
initialDelaySeconds: 30
readinessProbe:
httpGet:
scheme: HTTP
path: /metrics
port: 8990
initialDelaySeconds: 30
# A few things like affinity, volumes, etc. have been removed
Service:
apiVersion: v1
kind: Service
metadata:
name: carbon
namespace: carbon
spec:
type: NodePort
selector:
app: carbon
type: api
ports:
- name: http-carbon
protocol: TCP
port: 8990
targetPort: 8990
VirtualService:
kind: VirtualService
apiVersion: networking.istio.io/v1beta1
metadata:
name: carbon
namespace: carbon
spec:
gateways:
- carbon-gateway
hosts:
- full.fqdn.com
http:
- route:
- destination:
host: carbon
weight: 100
Gateway:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: carbon-gateway
spec:
selector:
istio: ingressgateway-carbon
servers:
- port:
number: 443
name: https
protocol: HTTPS
tls:
mode: SIMPLE
credentialName: https-secret
hosts:
- full.fqdn.com
I have setup a custom Ingress gateway using istioctl manifest generate
with the following customisation:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
tag: 1.6.8
addonComponents:
prometheus:
enabled: true
kiali:
enabled: true
grafana:
enabled: true
components:
ingressGateways:
- name: istio-ingressgateway
enabled: false
- name: istio-ingressgateway-carbon
enabled: true
namespace: carbon
label:
app: istio-ingressgateway-carbon
istio: ingressgateway-carbon
release: istio
k8s:
service:
loadBalancerIP: <redacted IP>
ports:
- name: https
port: 443
Thanks you for your help!