Hi, I am setting up a Shared control plane (multi-network) installation and followed the official documentation multicluster/shared-gateways. The mesh include 2 clusters: GKE(primary - cluster1) and EKS(secondary - cluster2). I am usng istio-1.4.3
All pods, services and ingress gateways are running as expected but when I test the cross-cluster routing with: kubectl exec --context=$CTX_CLUSTER1 -it -n sample -c sleep $(kubectl get pod --context=$CTX_CLUSTER1 -n sample -l app=sleep -o jsonpath='{.items[0].metadata.name}') -- curl helloworld.sample:5000/hello I get the error:
upstream connect error or disconnect/reset before headers. reset reason: connection failure
Is there a policy that I need to apply or any other changes that is not mentioned in the documentation?
I have the same issue. The service in the remote cluster is working properly when hit from the local svc.cluster.local endopoint. But the cross-cluster traffic gives me the same error.
* Trying 240.0.0.2...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x563d8e483680)
* Connected to httpbin.bar.global (240.0.0.2) port 80 (#0)
> GET /headers HTTP/1.1
> Host: httpbin.bar.global
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 503 Service Unavailable
< content-length: 91
< content-type: text/plain
< date: Fri, 28 Feb 2020 16:40:22 GMT
< server: envoy
<
* Connection #0 to host httpbin.bar.global left intact
upstream connect error or disconnect/reset before headers. reset reason: conne/
I’ve tested connectivity through out both cluster, and it’s working properly. The problem appears when I try to access the remote service using a Service Entry.
I see the traffic arriving in the remote ingress gw, but I don’t see anything in the envoy sidecar of the application pod.
Btw, I’m using port 15433 in my local cluster service entry. As long as I understand, traffic coming from an envoy sidecar to that ingress gw in a remote cluster, can be routed in the remote cluster without the need of adding VS, DR or GW in the remote cluster. (at least that’s what the docs say.)