Comments (25)
Hi @frankbu Thanks to @mwieczorek, by using command
kubectl describe pod -l app=productpage
I quickly got report that "insufficient cpu". Hence I expanded my container nodes to 8 cores (4 nodes do not work ) in GCE. Then I killed all relevant services before I restarted them again. Thanks to god, everything works as expected.
I suggest that adding this command to document for beginners to check out what is going on.
Thank you again!
from old_issues_repo.
can you try attempt the curl a few more times and then get the logs for the istio-ingress pod?
from old_issues_repo.
@GregHanson here is the logs for the istio-ingress pod. Thanks.
istio-ingress-3255123743-hlh71.txt
from old_issues_repo.
Looks like the ingress can't talk to productpage. Can you try to exec into the ingress pod and see what RDS, CDS, and SDS are returning. Should see something like this:
$ kubectl exec -it <ingress-pod> bash
# curl istio-pilot:8080/v1/routes/80/istio-proxy/ingress
{
"virtual_hosts": [
{
"name": "*",
"domains": [
"*"
],
"routes": [
{
"path": "/login",
"cluster": "out.4bdc5a0e59af7107a7189467360a720381024b5c"
},
{
"path": "/logout",
"cluster": "out.4bdc5a0e59af7107a7189467360a720381024b5c"
},
{
"path": "/productpage",
"cluster": "out.4bdc5a0e59af7107a7189467360a720381024b5c"
}
]
}
]
}
# curl istio-pilot:8080/v1/clusters/istio-proxy/ingress
{
"clusters": [
{
"name": "out.4bdc5a0e59af7107a7189467360a720381024b5c",
"service_name": "productpage.default.svc.cluster.local|http|version=v1",
"connect_timeout_ms": 1000,
"type": "sds",
"lb_type": "round_robin"
}
]
}
# curl "istio-pilot:8080/v1/registration/productpage.default.svc.cluster.local|http|version=v1"
{
"hosts": [
{
"ip_address": "172.17.0.12",
"port": 9080
}
]
}
from old_issues_repo.
Anything is wrong in below output?
[root@c582f1-n28-vm1 grafana]# kubectl exec -it istio-ingress-3255123743-hlh71 bash
root@istio-ingress-3255123743-hlh71:/# curl istio-pilot:8080/v1/routes/80/istio-proxy/ingress
{
"virtual_hosts": [
{
"name": "*",
"domains": [
"*"
],
"routes": [
{
"path": "/login",
"cluster": "out.304d4aa908c3ed9923066c887a9466a0755bd896"
},
{
"path": "/logout",
"cluster": "out.304d4aa908c3ed9923066c887a9466a0755bd896"
},
{
"path": "/productpage",
"cluster": "out.304d4aa908c3ed9923066c887a9466a0755bd896"
}
]
}
]
}root@istio-ingress-3255123743-hlh71:/# curl istio-pilot:8080/v1/clusters/istio-proxy/ingress
{
"clusters": [
{
"name": "out.304d4aa908c3ed9923066c887a9466a0755bd896",
"service_name": "productpage.default.svc.cluster.local|http",
"connect_timeout_ms": 1000,
"type": "sds",
"lb_type": "round_robin"
}
]
}root@istio-ingress-3255123743-hlh71:/# curl "istio-pilot:8080/v1/registration/productpage.default.svc.cluster.local|http|version=v1"
{
"hosts": [
{
"ip_address": "172.30.217.141",
"port": 9080
}
]
}root@istio-ingress-3255123743-hlh71:/#
from old_issues_repo.
from old_issues_repo.
@linda009 it looks right. Can you confirm that 172.30.217.141 is the IP of the productpage pod and check if you can curl 172.30.217.141:9080/productpage
. Seems like that is where it must be failing.
from old_issues_repo.
@frankbu Yes, 172.30.217.141 is the IP of the productpage pod and curl 172.30.217.141:9080/productpage
is failing
[root@c582f1-n28-vm1 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
details-v1-3207759430-rsjfk 2/2 Running 0 9d 172.30.217.135 169.47.101.180
grafana-4175437752-4f205 1/1 Running 0 9d 172.30.217.134 169.47.101.180
istio-ca-4190117216-kt7hz 1/1 Running 0 5d 172.30.222.139 169.47.101.168
istio-egress-1880612815-ktbvt 1/1 Running 0 9d 172.30.217.133 169.47.101.180
istio-ingress-3255123743-hlh71 1/1 Running 0 5d 172.30.222.141 169.47.101.168
istio-mixer-2598054512-d4770 1/1 Running 0 9d 172.30.217.130 169.47.101.180
istio-pilot-2676867826-jglrs 2/2 Running 0 9d 172.30.222.130 169.47.101.168
productpage-v1-3210513262-85ll7 2/2 Running 0 5d 172.30.217.141 169.47.101.180
prometheus-3208567892-27qvm 1/1 Running 0 9d 172.30.222.132 169.47.101.168
ratings-v1-832276092-03jzw 2/2 Running 0 9d 172.30.12.200 169.47.101.177
reviews-v1-2925430435-1tzsq 2/2 Running 0 9d 172.30.217.136 169.47.101.180
reviews-v2-3541796517-msw21 2/2 Running 0 9d 172.30.222.136 169.47.101.168
reviews-v3-4158162599-rb5dv 2/2 Running 0 9d 172.30.12.201 169.47.101.177
servicegraph-3117540837-vqmhn 1/1 Running 0 9d 172.30.222.134 169.47.101.168
[root@c582f1-n28-vm1 ~]# kubectl exec -it istio-ingress-3255123743-hlh71 bash
root@istio-ingress-3255123743-hlh71:/# curl -v 172.30.217.141:9080/productpage
* Trying 172.30.217.141...
* Connected to 172.30.217.141 (172.30.217.141) port 9080 (#0)
> GET /productpage HTTP/1.1
> Host: 172.30.217.141:9080
> User-Agent: curl/7.47.0
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
root@istio-ingress-3255123743-hlh71:/#
from old_issues_repo.
This is strange since you did say that you were able to access the productpage service using port forwarding, so that implies the service is up and running. We also just confirmed that the Istio routes have been generated correctly and it is trying to call the right thing.
Do you see any related messages in the error logs of the ingress pod or the proxy container of the productpage pod?
I would try to see if you can access the productpage from pods other than the ingress. For example, exec into the ratings pod and see if you can curl the productpage from there.
Other things I would suggest is start up the sleep sample and httpbin sample and see if you can curl from and to those pods in your cluster.
from old_issues_repo.
I deleted the ingress and productpage pods to get clean logs. Do not see any errors in the logs.
istio-ingress-3255123743-17m7h.txt
productpage-v1-3210513262-hxdfh-proxy.txt
curl from rating pod
root@ratings-v1-832276092-03jzw:/usr/src/app# curl -v 172.30.222.144:9080/productpage
* Hostname was NOT found in DNS cache
* Trying 172.30.222.144...
* Connected to 172.30.222.144 (172.30.222.144) port 9080 (#0)
> GET /productpage HTTP/1.1
> User-Agent: curl/7.38.0
> Host: 172.30.222.144:9080
> Accept: */*
>
< HTTP/1.1 404 Not Found
< date: Fri, 30 Jun 2017 02:21:45 GMT
* Server envoy is not blacklisted
< server: envoy
< content-length: 0
<
* Connection #0 to host 172.30.222.144 left intact
root@ratings-v1-832276092-03jzw:/usr/src/app#
curl inside the productpage pod
root@productpage-v1-3210513262-hxdfh:/opt/microservices# curl -v 172.30.222.144:9080/productpage
* Hostname was NOT found in DNS cache
* Trying 172.30.222.144...
* Connected to 172.30.222.144 (172.30.222.144) port 9080 (#0)
> GET /productpage HTTP/1.1
> User-Agent: curl/7.38.0
> Host: 172.30.222.144:9080
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
root@productpage-v1-3210513262-hxdfh:/opt/microservices# curl -v localhost:9080/productpage
* Hostname was NOT found in DNS cache
* Trying ::1...
* connect to ::1 port 9080 failed: Connection refused
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 9080 (#0)
> GET /productpage HTTP/1.1
> User-Agent: curl/7.38.0
> Host: localhost:9080
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Content-Type: text/html; charset=utf-8
< Content-Length: 3674
< Server: Werkzeug/0.11.11 Python/2.7.12
< Date: Fri, 30 Jun 2017 02:37:32 GMT
<
<!DOCTYPE html>
<html>
<head>
<title>Simple Bookstore App</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
<!-- Optional theme -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap-theme.min.css">
</head>
<body>
<nav class="navbar navbar-inverse navbar-static-top">
<div class="container">
<div class="navbar-header">
<a class="navbar-brand" href="#">BookInfo Sample</a>
</div>
<button type="button" class="btn btn-default navbar-btn navbar-right" data-toggle="modal" href="#login-modal">Sign in</button>
</div>
</nav>
<!---
<div class="navbar navbar-inverse navbar-fixed-top">
<div class="container">
<div class="navbar-header pull-left">
<a class="navbar-brand" href="#">Microservices Fabric BookInfo Demo</a>
</div>
<div class="navbar-header pull-right">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div>
<div class="navbar-collapse collapse">
<button type="button" class="btn btn-default navbar-btn pull-right" data-toggle="modal" data-target="#login-modal">Sign in</button>
</div>
</div>
</div>
-->
<div id="login-modal" class="modal fade" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">×</button>
<h4 class="modal-title">Please sign in</h4>
</div>
<div class="modal-body">
<form method="post" action='login' name="login_form">
<p><input type="text" class="form-control" name="username" id="username" placeholder="User Name"></p>
<p><input type="password" class="form-control" name="passwd" placeholder="Password"></p>
<p>
<button type="submit" class="btn btn-primary">Sign in</button>
<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
</p>
</form>
</div>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<h3 class="text-center text-primary">The Comedy of Errors</h3>
<p> <a href="https://en.wikipedia.org/wiki/The_Comedy_of_Errors">Wikipedia
Summary</a>: The Comedy of Errors is one of <b>William
Shakespeare's</b> early plays. It is his shortest and one of his
most farcical comedies, with a major part of the humour coming
from slapstick and mistaken identity, in addition to puns and word
play.</p>
</div>
</div>
<div class="row">
<div class="col-md-6">
<h3>Sorry, product details are currently unavailable for this book.</h3>
</div>
<div class="col-md-6">
<h3>Sorry, product reviews are currently unavailable for this book.</h3>
</div>
</div>
</div>
<!-- Latest compiled and minified JavaScript -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>
<!-- Latest compiled and minified JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
<script type="text/javascript">
$('#login-modal').on('shown.bs.modal', function () {
$('#username').focus();
});
</script>
</body>
</html>
* Closing connection 0
root@productpage-v1-3210513262-hxdfh:/opt/microservices# exit
exit
[root@c582f1-n28-vm1 ~]#
So it can not work when use cluster IP, it can work when use localhost.
from old_issues_repo.
Please try to run the sleep service (https://github.com/istio/istio/tree/master/samples/apps/sleep) and then from it (exec -it <sleep pod> -c sleep bash
) try the following:
curl -v ratings:9080/ratings
curl -v productpage:9080/productpage
If both of those don't work, please try one more thing. Run the nttpbin service (https://github.com/istio/istio/tree/master/samples/apps/httpbin) and then try to curl it from the sleep service:
curl -v httpbin:8000/headers
from old_issues_repo.
@frankbu unfortunately, none of them can work.
[root@c582f1-n28-vm1 istio-0.1.6]# kubectl exec -it sleep-216554478-2c431 -c sleep bash
root@sleep-216554478-2c431:/# curl -v ratings:9080/ratings
* Hostname was NOT found in DNS cache
* Trying 10.10.10.79...
* Connected to ratings (10.10.10.79) port 9080 (#0)
> GET /ratings HTTP/1.1
> User-Agent: curl/7.35.0
> Host: ratings:9080
> Accept: */*
>
< HTTP/1.1 503 Service Unavailable
< content-length: 57
< content-type: text/plain
< date: Sat, 01 Jul 2017 13:17:37 GMT
* Server envoy is not blacklisted
< server: envoy
<
* Connection #0 to host ratings left intact
upstream connect error or disconnect/reset before headers
root@sleep-216554478-2c431:/# curl -v productpage:9080/productpage
* Hostname was NOT found in DNS cache
* Trying 10.10.10.121...
* Connected to productpage (10.10.10.121) port 9080 (#0)
> GET /productpage HTTP/1.1
> User-Agent: curl/7.35.0
> Host: productpage:9080
> Accept: */*
>
< HTTP/1.1 503 Service Unavailable
< content-length: 57
< content-type: text/plain
< date: Sat, 01 Jul 2017 13:18:01 GMT
* Server envoy is not blacklisted
< server: envoy
<
* Connection #0 to host productpage left intact
upstream connect error or disconnect/reset before headers
[root@c582f1-n28-vm1 istio-0.1.6]# kubectl exec -it sleep-216554478-2c431 -c sleep bash
root@sleep-216554478-2c431:/# curl -v httpbin:8000/headers
* Hostname was NOT found in DNS cache
* Trying 10.10.10.22...
* Connected to httpbin (10.10.10.22) port 8000 (#0)
> GET /headers HTTP/1.1
> User-Agent: curl/7.35.0
> Host: httpbin:8000
> Accept: */*
>
< HTTP/1.1 503 Service Unavailable
< content-length: 57
< content-type: text/plain
< date: Sat, 01 Jul 2017 13:26:00 GMT
* Server envoy is not blacklisted
< server: envoy
<
* Connection #0 to host httpbin left intact
upstream connect error or disconnect/reset before headersroot@sleep-216554478-2c431:/#
from old_issues_repo.
Sounds like maybe networking in you cluster isn't working at all, not just istio. Have you tried to curl between plain k8s (no kube-inject) services? Have you tried to kill everything and restart the whole thing?
from old_issues_repo.
@frankbu I have the exact same scenario. Have tried all that was said above with the same results.
Running Tectonic/k8s 1.6.7 with istio 0.1.6 on AWS.
I can set up a simple echo service/deployment using plain k8s and can curl that from the ingress pod.
Any further insights on what the issue might be?
@linda009 did you ever come to a solution?
from old_issues_repo.
HI @frankbu , the out is that the
root@istio-ingress-1054723629-g47vg:/# curl istio-pilot:8080/v1/clusters/istio-proxy/ingress
{
"clusters": [
{
"name": "out.304d4aa908c3ed9923066c887a9466a0755bd896",
"service_name": "productpage.default.svc.cluster.local|http",
"connect_timeout_ms": 1000,
"type": "sds",
"lb_type": "round_robin"
}
]
}
then:
root@istio-ingress-1054723629-g47vg:/# curl "istio-pilot:8080/v1/registration/productpage.default.svc.cluster.local|http"
{
"hosts": []
}
So what the hell it is?
from old_issues_repo.
@yiakwy you're problem is different than the one we're discussing here. It looks like the productpage pod, for whatever reason, failed to run up properly (there's no registered instance).
@tpiecora Interesting. By exact same problem, do you mean all the xDS curls generated the correct expected output and you also tried all the sleep service and httpbin service tests above? This is a very strange situation that so far seems to have only been happening to @linda009. I had assumed it has been resolved, given no more info. If you want to try to debug from basics, I would suggest shutting down Istio first, and then 1) run the sleep and httpbin services using plain k8s (no kube-inject) and confirm you can curl httpbin from the sleep pod. 2) stop the two services, and then install istio. 3) run sleep and httpbin again (with kube-inject), and see if you can still curl or not. This will give you a minimal test case, where hopefully we can get to the bottom of this.
from old_issues_repo.
I am seeing the same issue on GKE, using Istio 0.1.6, and Kubernetes 1.6.7.
from old_issues_repo.
I am seeing the same issue on GKE, using Istio 0.1.6, and Kubernetes 1.6.7.
I've re-configured everything from scratch, and I'm not seeing the issue any more. I believe I must have glanced over what's said in step 5 and applied istio.yaml
as well as istio-auth.yaml
.
from old_issues_repo.
Glad to hear that.
from old_issues_repo.
I have resolved this issue by removing grafana, Prometheus and service graph pods and create k8s cluster on GKE with 8 nodes.
from old_issues_repo.
I got code 429 when curl istio-ingress service
from old_issues_repo.
@linda009 @hzxuzhonghu are you still having the same problems in istio verison 0.5.1 or later?
from old_issues_repo.
@GregHanson Sorry, not use it recently.
from old_issues_repo.
closing issue until more info is provided
from old_issues_repo.
hitting the same with istio1.0.5
from old_issues_repo.
Related Issues (20)
- [BUG] Bookinfo tracing broken HOT 2
- BUG: Mirroring not working in Istio 0.8.0? HOT 2
- Istio 0.8.0 exposes Jaeger tracing page to the external world
- When multiple gateways are defined, only the first one is being used. HOT 5
- kubernetesenv adapter clusterDomain check HOT 1
- Istio sidecar-injector not ready after deploying istio release-0.8
- External services connectivity problem HOT 5
- How get client external ip to extrapolate geolocation HOT 2
- Deploying with rbac disabled causes pilot to never deploy HOT 1
- .0.8 latest can't pull the docker image HOT 21
- make tracing endpoint configuration straightforward HOT 2
- Traffic Management: ALL https requests work (even without a ServiceEntry) HOT 7
- High latency at scale HOT 1
- istio-pilot pod restart 60 times in nine days HOT 1
- Service Entry Not Working HOT 9
- Requests hang in fresh helm install on k8s v1.10.2-gke.3 HOT 5
- EgressRule not working for AMQP (RabbitMQ) HOT 4
- Unable to access the grafana dashboard. HOT 2
- Error: customresourcedefinitions.apiextensions.k8s.io "gateways.networking.istio.io" already exists HOT 1
- istio circuit breaker doesn't work HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from old_issues_repo.