I have a simple Istio setup and I have a link I don’t understand in my Kiali dashboard.
Here’s the graph, the link I don’t understand is the one from my Ingress gateway (
istio-ingressgateway-carbon) to the unknown
As you can see from the graph, probably all the requests from the outside (~1000/s) go to the VirtualService as expected. However, I have a few requests (~1req every 10s) that goes to the unknown service (at least from Kiali’s point of view), and I have no idea where they come from.
I tried changing the frequency of the liveness and readiness probes, but the frequency of the requests to the unknown service did not change, so it’s (probably) not that.
Anybody has any idea where are those from? Or how to find the source of these requests?
I’ll dump here the relevant (shortened) manifests, please don’t hesitate to ask for more if you think they can help.
apiVersion: apps/v1 kind: Deployment metadata: name: carbon namespace: carbon spec: selector: matchLabels: app: carbon type: api template: metadata: labels: app: carbon type: api spec: serviceAccountName: carbon containers: - name: carbon ports: - name: http-carbon containerPort: 8990 livenessProbe: httpGet: scheme: HTTP path: /metrics port: 8990 initialDelaySeconds: 30 readinessProbe: httpGet: scheme: HTTP path: /metrics port: 8990 initialDelaySeconds: 30 # A few things like affinity, volumes, etc. have been removed
apiVersion: v1 kind: Service metadata: name: carbon namespace: carbon spec: type: NodePort selector: app: carbon type: api ports: - name: http-carbon protocol: TCP port: 8990 targetPort: 8990
kind: VirtualService apiVersion: networking.istio.io/v1beta1 metadata: name: carbon namespace: carbon spec: gateways: - carbon-gateway hosts: - full.fqdn.com http: - route: - destination: host: carbon weight: 100
apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: carbon-gateway spec: selector: istio: ingressgateway-carbon servers: - port: number: 443 name: https protocol: HTTPS tls: mode: SIMPLE credentialName: https-secret hosts: - full.fqdn.com
I have setup a custom Ingress gateway using
istioctl manifest generate with the following customisation:
apiVersion: install.istio.io/v1alpha1 kind: IstioOperator spec: tag: 1.6.8 addonComponents: prometheus: enabled: true kiali: enabled: true grafana: enabled: true components: ingressGateways: - name: istio-ingressgateway enabled: false - name: istio-ingressgateway-carbon enabled: true namespace: carbon label: app: istio-ingressgateway-carbon istio: ingressgateway-carbon release: istio k8s: service: loadBalancerIP: <redacted IP> ports: - name: https port: 443
Thanks you for your help!