Search code examples
kuberneteskubernetes-ingressistioenvoyproxydocker-desktop

istio ingress 404 on docker desktop

I have been trying to run a local cluster on kubernetes and istio on macOS using Docker desktop. I used the bookinfo example and everything runs fine.

I have one of my own service and I am unable to get it to run. I try to hit it using postman and always get a 404.

I am unable to debug it, I might just be missing something or doing something stupid. These are my yaml files

gateway.yaml

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: reeal-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reeal
spec:
  hosts:
  - "*"
  gateways:
  - reeal-gateway
  http:
  - match:
    - uri:
        exact: /feed
    route:
    - destination:
        host: feed
        port:
          number: 8080

service.yaml

apiVersion: v1
kind: Service
metadata:
  name: feed
  labels:
    app: feed
    service: feed
spec:
  selector:
    app: feed
  ports:
    - port: 8080
      name: http
---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: reeal-feed
  labels:
    account: feed
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: feed-deployment
  labels:
    app: feed
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: feed
      version: v1
  template:
    metadata:
      labels:
        app: feed
        version: v1
    spec:
      serviceAccountName: reeal-feed
      volumes:
      - name: firestore-key
        secret:
          secretName: firestore-cred
      containers:
      - name: feed-service
        image: reealadmin/feed-service:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
        volumeMounts:
        - name: firestore-key
          mountPath: /var/secrets/google
        env:
        - name: GOOGLE_APPLICATION_CREDENTIALS
          value: /var/secrets/google/key.json
      imagePullSecrets:
        - name: regcred

I have tested the service by exposing it using Nodeport and i can curl and get the respective response, however I am making some mistake to not be able to configure the ingress properly.

URL

I am using below for my URL. The url formed is localhost/feed

export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')


export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')

echo $INGRESS_HOST
echo $INGRESS_PORT
echo $SECURE_INGRESS_PORT

ERROR

[2020-08-22T01:01:05.088Z] "GET /feed HTTP/1.1" 404 - "-" "-" 0 19 29 22 "192.168.65.3" "PostmanRuntime/7.26.3" "e5705c53-6e70-9dbe-b831-764f9c7be63e" "localhost" "10.1.0.41:8080" outbound|8080||feed.default.svc.cluster.local 10.1.0.25:40654 10.1.0.25:8080 192.168.65.3:59050 - -

Really need help here.

Solution

  • If you get 404 error, this means that your application is reached but does not have a /feed page.

    You either can change your app to serve all content on that contextPath or do a rewrite on your VirtualService:

    http:
  - match:
    - uri:
        exact: /feed
    rewrite:
      uri: /
    route:
    - destination:
        host: feed
        port:
          number: 8080