Quickstart + Bookinfo App + Consul + Docker is redirecting outbound to only one Microservice

#1

Hi,

After following instructions to Consul+Docker (setup consul Quickstart) and BookInfo App for Docker with Consul, when confirming that via browser, we should see details, reviews and ratings. Instead I get Error fetching product details|reviews|ratings.
If I curl details|ratings|reviews from productpage container, it goes to different outbounds.

Am I missing something?
If needed, I can share envoy config_dump and envoy.log of specific scenarios.

Thanks,

#2

This example has been in need of a tune up for awhile, sorry @vinicius.artur . I am investigating a few parts of this right now, but one immediate item of concern is in samples/bookinfo/platform/consul/bookinfo.sidecars.yaml: all of the proxy_init containers are using an out of date image tag and so traffic is not getting captured by the sidecars. There are six places in the file where you need to replace proxy_init:0.7.1 with the same tag that is used for the proxy_debug image, for example: proxy_init:1.1.4

This will get default routing working, and you should start seeing the 3 different versions of reviews service as you refresh your browser.

There is an additional problem as well with VirutalService rules not producing the desired version based routing - I am working on debugging currently and will update

1 Like
#3

After changing proxy_init from 0.7.1 to 1.1.4, it was working well in my browser, but the requests were not passing through Envoy.
So after adding manually a IPtables rule to go through Envoy, I’m having again the previous issue. If I curl reviews, details or ratings it keeps going to the same outbound (this time is going to productpage), so I get 404 from productpage server and envoy.log shows the requests are going to outbound|9080||productpage.service.consul.
Is that issue you are debugging, right?
What about the manual IPtables rule I had to add to the requests pass through Envoy?

Before:
-A ISTIO_IN_REDIRECT -p tcp -j REDIRECT --to-ports 15001
-A ISTIO_OUTPUT ! -d 127.0.0.1/32 -o lo -j ISTIO_REDIRECT
-A ISTIO_OUTPUT -m owner --uid-owner 1337 -j RETURN
-A ISTIO_OUTPUT -m owner --gid-owner 1337 -j RETURN
-A ISTIO_OUTPUT -d 127.0.0.1/32 -j RETURN
-A ISTIO_REDIRECT -p tcp -j REDIRECT --to-ports 15001

Then I added:
-A ISTIO_OUTPUT -j ISTIO_REDIRECT

#4

@vinicius.artur you were definitely on the right track and were seeing the same problems I was. In install/consul/istio.yaml the registrator container is using latest tag, but this is several years old. The image tag needs to be updated to master:

registrator:
image: gliderlabs/registrator:master

EDIT: if you are using latest version of istio release, this tag change may already be present

Next due to some changes to the consul conversion logic, need to add SERVICE_VERSION=X env var to each app in samples/bookinfo/platform/consul/bookinfo.yaml. For example:

environment:
  - SERVICE_NAME=details
  - SERVICE_TAGS=version|v1
  - SERVICE_PROTOCOL=http
  - SERVICE_VERSION=v1

Lastly, there are additional flags that need to be added to the samples/bookinfo/platform/consul/bookinfo.sidecars.yaml for each of the *-init containers present for each bookinfo app. For example:

details-v1-init:
image: docker.io/istio/proxy_init:{PROXY_TAG}
cap_add:
- NET_ADMIN
network_mode: “container:consul_details-v1_1”
command:
- -p
- “15001”
- -u
- “1337”
- -m
- REDIRECT
- -i
- “*”
- -b
- “9080”

1 Like
#5

you can see the PR diff here: https://github.com/istio/istio/pull/13984/files

1 Like
#6

Thank you for being so responsive. It’s working perfectly now!
Just one thing: latest Istio release still has registrator:latest. So I had to change to registrator:master by myself.

#7

Another feedback: To run successfully the Request Timeouts task I had to change from microservice to microservice.service.consul in fields hosts and host of the kubectl apply commands.