Comments (5)
murphye
commented on July 18, 2024
If all the svclb is supposed to do is IP Tables routing, why this is happening is beyond me...
from klipper-lb.
murphye
commented on July 18, 2024
More info for you:
k get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istiod ClusterIP 10.43.25.101 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 93m
istiod-1-8-3 ClusterIP 10.43.233.100 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 92m
istio-ingressgateway LoadBalancer 10.43.152.110 172.26.0.2 15021:30331/TCP,80:30864/TCP,443:31938/TCP,15012:30935/TCP,15443:30695/TCP 91m
k get svc -n istio-system istio-ingressgateway -o yaml
apiVersion: v1
kind: Service
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app":"istio-ingressgateway","install.operator.istio.io/owning-resource":"istio-ingress-gw-install","install.operator.istio.io/owning-resource-namespace":"istio-system","istio":"ingressgateway","istio.io/rev":"1-8-3","operator.istio.io/component":"IngressGateways","operator.istio.io/managed":"Reconcile","operator.istio.io/version":"1.8.3","release":"istio"},"name":"istio-ingressgateway","namespace":"istio-system"},"spec":{"ports":[{"name":"status-port","port":15021,"protocol":"TCP","targetPort":15021},{"name":"http2","port":80,"protocol":"TCP","targetPort":8080},{"name":"https","port":443,"protocol":"TCP","targetPort":8443},{"name":"tcp-istiod","port":15012,"protocol":"TCP","targetPort":15012},{"name":"tls","port":15443,"protocol":"TCP","targetPort":15443}],"selector":{"app":"istio-ingressgateway","istio":"ingressgateway"},"type":"LoadBalancer"}}
creationTimestamp: "2021-03-09T20:53:37Z"
labels:
app: istio-ingressgateway
install.operator.istio.io/owning-resource: istio-ingress-gw-install
install.operator.istio.io/owning-resource-namespace: istio-system
istio: ingressgateway
istio.io/rev: 1-8-3
operator.istio.io/component: IngressGateways
operator.istio.io/managed: Reconcile
operator.istio.io/version: 1.8.3
release: istio
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:labels:
.: {}
f:app: {}
f:install.operator.istio.io/owning-resource: {}
f:install.operator.istio.io/owning-resource-namespace: {}
f:istio: {}
f:istio.io/rev: {}
f:operator.istio.io/component: {}
f:operator.istio.io/managed: {}
f:operator.istio.io/version: {}
f:release: {}
f:spec:
f:externalTrafficPolicy: {}
f:ports:
.: {}
k:{"port":80,"protocol":"TCP"}:
.: {}
f:name: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
k:{"port":443,"protocol":"TCP"}:
.: {}
f:name: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
k:{"port":15012,"protocol":"TCP"}:
.: {}
f:name: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
k:{"port":15021,"protocol":"TCP"}:
.: {}
f:name: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
k:{"port":15443,"protocol":"TCP"}:
.: {}
f:name: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
f:selector:
.: {}
f:app: {}
f:istio: {}
f:sessionAffinity: {}
f:type: {}
manager: istioctl
operation: Update
time: "2021-03-09T20:53:37Z"
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:status:
f:loadBalancer:
f:ingress: {}
manager: k3s
operation: Update
time: "2021-03-09T20:53:51Z"
name: istio-ingressgateway
namespace: istio-system
resourceVersion: "1223"
uid: e9ad5ede-1316-4c08-af24-1d8f488bac54
spec:
clusterIP: 10.43.152.110
clusterIPs:
- 10.43.152.110
externalTrafficPolicy: Cluster
ports:
- name: status-port
nodePort: 30331
port: 15021
protocol: TCP
targetPort: 15021
- name: http2
nodePort: 30864
port: 80
protocol: TCP
targetPort: 8080
- name: https
nodePort: 31938
port: 443
protocol: TCP
targetPort: 8443
- name: tcp-istiod
nodePort: 30935
port: 15012
protocol: TCP
targetPort: 15012
- name: tls
nodePort: 30695
port: 15443
protocol: TCP
targetPort: 15443
selector:
app: istio-ingressgateway
istio: ingressgateway
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer:
ingress:
- ip: 172.26.0.2
from klipper-lb.
comphilip
commented on July 18, 2024
k port-forward istio-ingressgateway-5686db779c-z2hk7 7443:43 -n istio-system
You port-forward port's 43 port to localhost 7443 port and certificate works well. While in pod yaml there is no 43 container port declared:
- containerPort: 15021
protocol: TCP
- containerPort: 8080
protocol: TCP
- containerPort: 8443
protocol: TCP
- containerPort: 15012
protocol: TCP
- containerPort: 15443
protocol: TCP
- containerPort: 15090
name: http-envoy-prom
protocol: TCPistio-ingressgateway service declared 443 to pod's 8443, so your pod ports and make it sync with those of service.
from klipper-lb.
juniorz
commented on July 18, 2024
@murphye , did you figure why this happened? I am facing the same issue, standard Istio install with minimal profile via IstioOperator.
from klipper-lb.
murphye
commented on July 18, 2024
@juniorz No. I have not tried this in a long time. You may want to try MetalLB.
from klipper-lb.
Related Issues (20)
- Possible to "bind" to multiple IPs? HOT 1
- Support externalTrafficPolicy: Local HOT 1
- Specifying port range
- Nat not always working HOT 1
- No balancing when node goes down HOT 1
- Standalone version HOT 1
- All requests that reach pods have the load balancer's IP HOT 17
- [BUG] svclb-traefik* won't start after host crash and restart. HOT 4
- I see the klipper-lb support iptables, but it supports ipvs?
- Klipper in wrong namespace and not able to kill the pods
- Alpine 3.15.4 - Release? HOT 1
- Bind to specific interface? HOT 2
- svclb pods state is pending HOT 1
- Dual-Stack LoadBalancers are not supported
- Busybox CVE-2022-48174
- How can inbound traffic be routed exclusively to the current node's Traefik pod? HOT 2
- Requests coming from zerotier-one don't preserve Source IP
- LB crashloop
- [suggestion] support for labeling node with several pools
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from klipper-lb.