search

istio / istio.io

Source for the istio.io site
https://istio.io/
Apache License 2.0
761 stars 1.54k forks source link

connection refused calling to ingress gateway on wsl2 docker desktop #9891

Open brolinuk opened 3 years ago

brolinuk commented 3 years ago

I am trying to run the bookinfo example on my local with wsl2 and docker desk. I am having issues when trying to access the productpage service via the gateway as I got the connection refused. I am not sure whether I missed anything. Here is what I have done after googled a lot on the internet

1) Deployed all services from bookinfo example and all up running, I can curl productpage from other service using kubectl exec 2) Deployed bookinfo-gateway using the file from the example without any change under the default namespace

Name: bookinfo-gateway Namespace: default Labels: Annotations: API Version: networking.istio.io/v1beta1 Kind: Gateway Metadata: Creation Timestamp: 2021-06-06T20:47:18Z Generation: 1 Managed Fields: API Version: networking.istio.io/v1alpha3 Fields Type: FieldsV1 fieldsV1: f:metadata: f:annotations: .: f:kubectl.kubernetes.io/last-applied-configuration: f:spec: .: f:selector: .: f:istio: f:servers: Manager: kubectl-client-side-apply Operation: Update Time: 2021-06-06T20:47:18Z Resource Version: 2053564 Self Link: /apis/networking.istio.io/v1beta1/namespaces/default/gateways/bookinfo-gateway UID: aa390a1d-2e34-4599-a1ec-50ad7aa9bdc6 Spec: Selector: Istio: ingressgateway Servers: Hosts: * Port: Name: http Number: 80 Protocol: HTTP Events: 3) The istio-ingressgateway can expose to the outside via localhost (not sure how this can be configured as it is deployed during istio installation) on 80, which I as understand will be used by bookinfo-gateway kubectl get svc istio-ingressgateway -n istio-system enter image description here image

4) following Determining the ingress IP and ports section in the instruction https://istio.io/latest/docs/setup/getting-started/ My INGRESS_HOST=127.0.0.1 and INGRESS_PORT is 80

5) curl -v -s http://127.0.0.1:80/productpage | grep -o ".*"

7) further question if it is relevant. I am a bit confusing how wsl2 works now. It looks like localhost on windows browser and wsl2 terminal are not the same thing, though I know there is kind of forwarding from windows to wsl2 server (which I can get its IP from /etc/resolv.conf). if it is the same, why one return connection refused and the other return 404

8) On windows I have tried to disable IIS or anything running on port 80 (net stop http). Somehow, I still can see something listen to port 80

netstat -aon | findstr :80 TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4

tasklist /svc /FI "PID eq 4"

Image Name PID Services ========================= ======== ============================================ System 4 N/A I am wondering whether this is what causes the difference in point 7? As windows is running on another http server on port 80?

I know this a lot of questions asked. I believe many of us that new to istio and wsl2 may have similar questions. Hopefully, this helps others as well. Please advise. Many thanks

rootsongjc commented 11 months ago

TLDR

Your issue with accessing the BookInfo application via the Istio Ingress Gateway could be due to misconfiguration or port conflicts, especially considering the use of WSL2 and Docker Desktop. It's essential to ensure correct port forwarding and address potential port conflicts on Windows.

Explanation

Accessing services in a Kubernetes cluster running in WSL2 via Istio's Ingress Gateway involves several components: Istio setup, Kubernetes service exposure, and network port forwarding. The connection refusal and 404 errors indicate a possible misconfiguration or a networking issue.

Detailed Answer

  1. Istio Ingress Gateway Exposure:

    • The Istio Ingress Gateway is typically exposed externally, but its configuration might differ based on the environment. In your case, it seems to be configured to listen on port 80.

  2. Verifying Gateway and Virtual Service:

    • Ensure that the Istio Gateway and associated VirtualService for the BookInfo app are correctly configured. The Gateway handles incoming requests, while VirtualService directs these requests to the appropriate service.

  3. WSL2 Networking Considerations:

    • WSL2 networking can be complex. It runs a separate network from Windows, but ports can be forwarded to Windows.
    • The localhost on Windows and WSL2 might not refer to the same environment. Use the WSL2 IP address (found in /etc/resolv.conf) to test services running inside WSL2.

  4. Windows Port Conflicts:

    • If something on Windows listens on port 80 (as your netstat output suggests), it could conflict with the port forwarding from WSL2.
    • Ensure no other service (like IIS or another web server) is using port 80 on Windows.

  5. Testing Access:

    • Try accessing the service using the WSL2 IP address instead of localhost or 127.0.0.1.
    • If you get a 404 from the browser but a connection refused from curl, it might indicate a port forwarding issue or a misconfiguration in the Istio Ingress setup.

Suggested Next Steps

  1. Check Istio Components: Verify that your Istio Ingress Gateway and VirtualService are correctly set up for the BookInfo application.
  2. Resolve Port Conflicts: Ensure that no other service on Windows is using port 80. You might need to change the port on which Istio Ingress Gateway is exposed.
  3. Test with WSL2 IP: Instead of localhost, use the IP address from /etc/resolv.conf in WSL2 to access your service.
  4. Review Docker Desktop Settings: Check Docker Desktop's settings related to Kubernetes and networking. Ensure it is configured to work correctly with WSL2.
  5. Examine Istio Logs: Check the logs of the Istio Ingress Gateway for any errors or clues (kubectl logs -n istio-system <istio-ingressgateway-pod-name>).

Additional Resources

By addressing these areas, you should be able to identify and resolve the issue with accessing the BookInfo application.