Replicated control plane configuration not working with v1.7.3 - Regression bug?

pup_seba · October 7, 2020, 2:44pm

Hi,

While trying to configure Repilicated Control Planes as described in this guide:

After doing all the configuration the “sleep” application is unable to communicate with “httpbin” application as described in the documentation. The result of the test is always the same about 503 Service Unavailable error:

kubectl exec --context=kontiki $SLEEP_POD -n multi-test -c sleep -- curl -k -I httpbin.multi-test-bar.global:8000/headers
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0    91    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
HTTP/1.1 503 Service Unavailable
content-length: 91
content-type: text/plain
date: Wed, 07 Oct 2020 13:55:19 GMT
server: envoy

The relevant logs found are:

istio-proxy container in sleep pod on origin cluster

[2020-10-07T13:58:21.775Z] "HEAD /headers HTTP/1.1" 503 UF,URX "-" "-" 0 0 137 - "-" "curl/7.69.1" "5ccf05b7-d0e3-9e38-a581-8c0bdabc98b3" "httpbin.multi-t0" "10.14.10.99:31383" outbound|8000||httpbin.multi-test-bar.global - 240.0.0.2:8000 172.17.141.20:59704 - default

ingress pods on destination cluster

[2020-10-07T13:58:21.900Z] "- - -" 0 NR "-" "-" 0 0 0 - "-" "-" "-" "-" "-" - - 172.17.184.60:15443 172.31.4.248:62395 - -
[2020-10-07T13:58:21.814Z] "- - -" 0 NR "-" "-" 0 0 0 - "-" "-" "-" "-" "-" - - 172.17.133.59:15443 172.31.4.209:38326 - -

Istio 1.7.3 is deployed with Istio-operator on vanilla k8s clusters with version 1.17. Certificates are configured as described in the referenced guide, ServiceEntry created for httpbin is the following:

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: httpbin-multi-test-bar
spec:
  hosts:
  - httpbin.multi-test-bar.global
  location: MESH_INTERNAL
  ports:
  - name: http1
    number: 8000
    protocol: http
  resolution: DNS
  addresses:
  - 240.0.0.2
  endpoints:
  - address: cluster-2
    network: external
    ports:
      http1: 31383 # nodePort tls exposed port via our proxy
  - address: istio-egressgateway.istio-system.svc.cluster.local
    ports:
      http1: 15443

This error is also referenced in this #Issue where for other people, this very same thing was happening and the way they fixed it was to moving to a previous Istio version like 1.6.8.
edit: I can confirm that my configuration works with version 1.6.8, but it fails with 1.7.3.

Can you please help me understand what’s happening or how could it be fixed?

Thank you very much!

Topic		Replies	Views
Replicated Control Plane 503 NR	1	752	November 17, 2020
Getting 503 for multi cluster replicated control plane Config	3	1390	July 5, 2020
Istio Multicluster DNS lookup of remote service	0	475	December 18, 2019
Multi-cluster Replicated control plane: Could not resolve host: httpbin.bar.global in Azure kubernetes service Networking	3	865	August 16, 2020
Unable to curl httpbin from curl pod Security	1	1082	June 18, 2022

Replicated control plane configuration not working with v1.7.3 - Regression bug?

Related Topics