Issue with connecting to the gateway using node port

I have the following system configuration

Platform: Docker for Desktop on Mac running a k8s cluster
I used the instructions to install Istio and all went well

kubectl get svc -n istio-system
NAME                     TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                                                                                      AGE
grafana                  ClusterIP      10.109.35.123    <none>        3000/TCP                                                                                                                                     2d
istio-citadel            ClusterIP      10.109.36.186    <none>        8060/TCP,15014/TCP                                                                                                                           2d
istio-egressgateway      ClusterIP      10.104.171.70    <none>        80/TCP,443/TCP,15443/TCP                                                                                                                     2d
istio-galley             ClusterIP      10.104.24.190    <none>        443/TCP,15014/TCP,9901/TCP                                                                                                                   2d
istio-ingressgateway     LoadBalancer   10.104.233.142   localhost     15020:32183/TCP,80:31380/TCP,443:31390/TCP,31400:31400/TCP,15029:32221/TCP,15030:30706/TCP,15031:30128/TCP,15032:30612/TCP,15443:31182/TCP   2d
istio-pilot              ClusterIP      10.110.109.100   <none>        15010/TCP,15011/TCP,8080/TCP,15014/TCP                                                                                                       2d
istio-policy             ClusterIP      10.96.101.144    <none>        9091/TCP,15004/TCP,15014/TCP                                                                                                                 2d
istio-sidecar-injector   ClusterIP      10.109.164.225   <none>        443/TCP                                                                                                                                      2d
istio-telemetry          ClusterIP      10.103.5.14      <none>        9091/TCP,15004/TCP,15014/TCP,42422/TCP                                                                                                       2d
jaeger-agent             ClusterIP      None             <none>        5775/UDP,6831/UDP,6832/UDP                                                                                                                   2d
jaeger-collector         ClusterIP      10.108.238.201   <none>        14267/TCP,14268/TCP                                                                                                                          2d
jaeger-query             ClusterIP      10.103.167.223   <none>        16686/TCP                                                                                                                                    2d
kiali                    ClusterIP      10.99.45.80      <none>        20001/TCP                                                                                                                                    2d
prometheus               ClusterIP      10.105.223.210   <none>        9090/TCP                                                                                                                                     2d
tracing                  ClusterIP      10.99.137.199    <none>        80/TCP                                                                                                                                       2d
zipkin                   ClusterIP      10.111.240.226   <none>        9411/TCP                                                                                                                                     2d

kubectl get pods -n istio-system
NAME                                      READY     STATUS    RESTARTS   AGE
grafana-55998bf4dd-nmtcm                  1/1       Running   1          2d
istio-citadel-5c86db7b6b-m2ljj            1/1       Running   1          2d
istio-egressgateway-7d8c6ddcb7-kjq8g      1/1       Running   1          2d
istio-galley-6d97d6f8d-8jqz7              1/1       Running   1          2d
istio-ingressgateway-5b78c55475-cf7kq     1/1       Running   0          2d
istio-pilot-8674ffbc66-6xdxl              2/2       Running   2          2d
istio-policy-558f5d9858-gj96t             2/2       Running   5          2d
istio-sidecar-injector-5fbb6c6575-ccwj5   1/1       Running   1          2d
istio-telemetry-6c99bb9fbf-lvrts          2/2       Running   5          2d
istio-tracing-79c7955c98-9lhwm            1/1       Running   1          2d
kiali-7ff7b959f-879nc                     1/1       Running   1          2d
prometheus-69bddf498b-7wqzk               1/1       Running   1          2d

I installed the Bookinfo app as per the instructions here. Which all went well again.

 kubectl get services
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
details       ClusterIP   10.109.148.69    <none>        9080/TCP   2d
kubernetes    ClusterIP   10.96.0.1        <none>        443/TCP    3d
productpage   ClusterIP   10.100.167.189   <none>        9080/TCP   2d
ratings       ClusterIP   10.103.215.143   <none>        9080/TCP   2d
reviews       ClusterIP   10.105.28.230    <none>        9080/TCP   2d

kubectl get pods
NAME                              READY     STATUS    RESTARTS   AGE
details-v1-66cc9f7cdf-2w726       2/2       Running   0          2d
productpage-v1-7868c55995-dlfd5   2/2       Running   0          2d
ratings-v1-75985d6d9c-j2k25       2/2       Running   0          2d
reviews-v1-7995dbc67d-j5vxs       2/2       Running   0          2d
reviews-v2-685896c86b-8shsj       2/2       Running   0          2d
reviews-v3-6c8596cc4-st9zc        2/2       Running   0          2d

Now when trying to access the application from outside the cluster, I consistently could not access it on 127.0.0.1:31380. But when I tried accessing 127.0.0.1:80/productpage it works. I think that is the correct behavior given how the ingress gateway resource is setup. There is just an issue with the docs. Is that correct?

Not sure how docker for mac works, but you’re supposed to use the LoadBalancer:31380/productpage to access it. You can check the virtualservice definition for productpage and see that it doesn’t route for /

Following the docs, you would access the application using the GATEWAY_URL. For DockerDesktop on Mac, the INGRESS_HOST will be the loadbalancer hostname ‘localhost’ and INGRESS_PORT will be 80, making the access using localhost:80 which is what you describe (https://preliminary.istio.io/docs/tasks/traffic-management/ingress/ingress-control/#determining-the-ingress-ip-and-ports).

Similarly, using the docs with with an external platform like IKS, the GATEWAY_URL might be something like a.b.c.d:80

@ericvn - when using the docs the INGRESS_PORT following the docs gets set to 31380. So does the GATEWAY_URL which is what created confusion for me.

GATEWAY_URL is the concatenation of the two, so INGRESS_PORT being 31380 would imply the GATEWAY_URL has 31380. I’m was using the latest edge version of Docker Desktop and Istio 1.2.0 as a quick check this morning. I know I’ve been running various tests for a while with Docker (and other platforms) and I don’t recall seeing 31380 recently.

I was wondering if a documentation step was missed (I’ve done that a few times), but you say :80 works so I’m thinking you are OK. Normally, when I miss a step, things are badly broken.

I initially thought I had the same problem with the INGRESS_PORT, but then realized that as shown in the kubectl get svc -n istio-system output above, the gateway has an EXTERNAL-IP and so those instructions for setting INGRESS_PORT are the right ones to follow, which indeed cause it to be set to 80.