Service Entry Not Working
Closed this issue · 9 comments
Is this a BUG or FEATURE REQUEST?:
Did you review https://istio.io/help/ and existing issues to identify if this is already solved or being worked on?:
Bug:
Not sure
What Version of Istio and Kubernetes are you using, where did you get Istio from, Installation details
istioctl version
Version: 0.8.0
GitRevision: 6f9f420f0c7119ff4fa6a1966a6f6d89b1b4db84
User: root@48d5ddfd72da
Hub: docker.io/istio
GolangVersion: go1.10.1
BuildStatus: Clean
kubectl version
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.7", GitCommit:"dd5e1a2978fd0b97d9b78e1564398aeea7e7fe92", GitTreeState:"clean", BuildDate:"2018-04-19T00:05:56Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.1", GitCommit:"3a1c9449a956b6026f075fa3134ff92f7d55f812", GitTreeState:"clean", BuildDate:"2018-01-04T11:40:06Z", GoVersion:"go1.9.2", Compiler
Is Istio Auth enabled or not ?
Auth is not enabled, I used istio-demo.yaml to install istio
What happened:
I tried to use the external example (ServiceEntry):
cat <<EOF | istioctl create -f -
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: httpbin-ext
spec:
  hosts:
  - httpbin.org
  ports:
  - number: 80
    name: http
    protocol: HTTP
EOF
cat <<EOF | istioctl create -f -
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: google-ext
spec:
  hosts:
  - www.google.com
  ports:
  - number: 443
    name: https
    protocol: HTTPS
EOF
I keep getting errors when I try to curl from the sleep pod:
root@sleep-6ccf857cc6-b9jh4:/# curl http://httpbin.org/headers -I
HTTP/1.1 503 Service Unavailable
content-length: 19
content-type: text/plain
date: Thu, 14 Jun 2018 10:40:20 GMT
server: envoy
root@sleep-6ccf857cc6-b9jh4:/# curl -I https://www.google.com
curl: (35) Unknown SSL protocol error in connection to www.google.com:443
Some log output from the istio proxy sidecar of the sleep pod:
[2018-06-14 11:00:39.419][14][info][upstream] external/envoy/source/server/lds_api.cc:60] lds: add/update listener 'tcp_0.0.0.0_443'
[2018-06-14T11:00:37.373Z] "HEAD /headers HTTP/1.1" 503 UH 0 19 0 - "-" "curl/7.35.0" "d06828ed-7fd6-9383-adad-170177b00427" "httpbin.org" "-"
[2018-06-14 11:01:40.298][14][info][upstream] external/envoy/source/common/upstream/cluster_manager_impl.cc:388] add/update cluster out.www.google.com|https starting warming
[2018-06-14 11:01:40.299][14][info][upstream] external/envoy/source/common/upstream/cluster_manager_impl.cc:395] warming cluster out.www.google.com|https complete
How to reproduce it:
I did a fresh install and followed the example guides.
@infinitydon Can you try explicitly setting the resolution type to DNS in your Service Entries?
cat <<EOF | istioctl create -f -
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: httpbin-ext
spec:
  hosts:
  - httpbin.org
  ports:
  - number: 80
    name: http
    protocol: HTTP
  resolution: DNS
EOF
cat <<EOF | istioctl create -f -
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: google-ext
spec:
  hosts:
  - www.google.com
  ports:
  - number: 443
    name: https
    protocol: HTTPS
  resolution: DNS
EOF
@GregHanson -- Thanks, it works now..
How do I know when to use the resolution:DNS ?
Because I followed the example exactly in the docs
It works for me without resolution: DNS, with istio-demo.yaml. Strange.
It's possible that there is a bug in the default resolution type NONE or how we are generating the envoy config in this case. In this case resolution type DNS just tells envoy to direct traffic to the host in hosts.
Cool.. the other thing that comes to my mind is that I am running this on AWS and I really doubt if this should affect the deployment..
Thanks for the effort!.. Will go ahead and close this.
Hi,
I am trying to connect to AWS RDS from istio environment.
Our application is JAVA Application.
My mysql ServiceEntry file is as follows:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: mysql-external
spec:
  hosts:
  - xxxxxxxxxxxxxxxxxxx.rds.amazonaws.com
  addresses:
  - XX.XX.XX.XX/32
  ports:
  - name: jdbc
    number: 3306
    protocol: tcp
  location: MESH_EXTERNAL
We are using the config file in application as follows:
...
....
sql_db_conn_url : "jdbc:mysql://rds_endpoint/inventory_management?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC&failOverReadOnly=false&maxReconnects=10&rewriteBatchedStatements=true"
sql_db_user : "username"
sql_db_passwd : "password"
...
.....
I have created a service using a Service file as below:
apiVersion: v1
kind: Service
metadata:
  name: abc
  labels:
    app: abc
spec:
  ports:
  - port: 8080
    name: http
  selector:
    app: abc
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: abc
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: abc
        version: v1
    spec:
      containers:
      - name: abc
        image: 5550XXXXXXXXXXXXXXXXXXXXXXXXxx/test:mysql
        imagePullPolicy: IfNotPresent
        env:
        - name: DB_TYPE
          value: "mysql"
        - name: MYSQL_DB_HOST
          value: xxxxxxxxxxxxxxxxxxx.rds.amazonaws.com
        - name: MYSQL_DB_PORT
          value: 3306
        - name: MYSQL_DB_USER
          value: user
        - name: MYSQL_DB_PASSWORD
          value: password
        ports:
        - containerPort: 8080
When I try to connect to database getting the below error:
{"@timestamp":"2018-10-15T11:04:25.381+0000","@message":"com.mchange.v2.resourcepool.BasicResourcePool$ScatteredAcquireTask@3f24bdc4 -- Acquisition Attempt Failed!!! Clearing pending acquires. While trying to acquire a needed new resource, we failed to succeed more than the maximum number of allowed acquisition attempts (30). Last acquisition attempt exception: ","@source":"com.mchange.v2.resourcepool.BasicResourcePool","@source_host":"pqinventory-v1-795965f574-h9lnc","@fields":{"timestamp":1539601465381,"level":"WARNING","line_number":315,"class":"com.mchange.v2.resourcepool.BasicResourcePool","method":"","exception_class":"java.sql.SQLException","exception_message":"No suitable driver","stacktrace":"java.sql.SQLException: No suitable driver\n\tat java.sql.DriverManager.getDriver(DriverManager.java:315)\n\tat com.mchange.v2.c3p0.DriverManagerDataSource.driver(DriverManagerDataSource.java:285)\n\tat com.mchange.v2.c3p0.DriverManagerDataSource.getConnection(DriverManagerDataSource.java:175)\n\tat com.mchange.v2.c3p0.WrapperConnectionPoolDataSource.getPooledConnection(WrapperConnectionPoolDataSource.java:220)\n\tat com.mchange.v2.c3p0.WrapperConnectionPoolDataSource.getPooledConnection(WrapperConnectionPoolDataSource.java:206)\n\tat com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.acquireResource(C3P0PooledConnectionPool.java:203)\n\tat com.mchange.v2.resourcepool.BasicResourcePool.doAcquire(BasicResourcePool.java:1138)\n\tat com.mchange.v2.resourcepool.BasicResourcePool.doAcquireAndDecrementPendingAcquiresWithinLockOnSuccess(BasicResourcePool.java:1125)\n\tat com.mchange.v2.resourcepool.BasicResourcePool.access$700(BasicResourcePool.java:44)\n\tat com.mchange.v2.resourcepool.BasicResourcePool$ScatteredAcquireTask.run(BasicResourcePool.java:1870)\n\tat com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread.run(ThreadPoolAsynchronousRunner.java:696)\n"}
Please let me know how to resolve the RDS and how to connect to RDS
Can you try to call the port something like tcp-jdbc?
Thanks for the quick response Sir.
I have changed like this:
  ports:
  - name: tcp-jdbc
    number: 3306
    protocol: tcp
even then I am ending up with the error. Sir.
Here is an example of connecting to external MySQL instance https://preliminary.istio.io/blog/2018/egress-tcp/ .
Can you try to connect by using mysql command line or telnet?
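
As an added example (not part of the thread and not Istio's own validation), a small Python lint that flags the two settings discussed above: a ServiceEntry with DNS-name hosts but no explicit resolution, and a port name without the protocol prefix suggested in the tcp-jdbc comment. The manifests are constructed samples modelled on the ones posted here; `lint_service_entry`, its rules and the host `db.example.invalid` are assumptions.

```python
import ipaddress

def _is_ip(host):
    """True if the host entry is an IP address or CIDR rather than a DNS name."""
    try:
        ipaddress.ip_network(host, strict=False)
        return True
    except ValueError:
        return False

def lint_service_entry(manifest):
    """Return findings for one ServiceEntry passed as an already-parsed dict.

    The rules mirror the advice given in this thread, not Istio's validator.
    """
    findings = []
    if manifest.get("kind") != "ServiceEntry":
        return findings
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    spec = manifest.get("spec", {})
    resolution = spec.get("resolution")  # absent means the default, NONE
    dns_hosts = [h for h in spec.get("hosts", []) if not _is_ip(h)]
    # Hostname-only entry relying on the default: the case fixed in the thread.
    if resolution in (None, "NONE") and dns_hosts and not spec.get("addresses"):
        findings.append(f"{name}: hosts {dns_hosts} have no explicit resolution; "
                        "the fix applied in this thread was 'resolution: DNS'")
    for port in spec.get("ports", []):
        proto = str(port.get("protocol", "")).lower()
        pname = str(port.get("name", ""))
        # Accept 'http' or 'http-foo' for protocol HTTP, flag anything else.
        if proto and pname != proto and not pname.startswith(proto + "-"):
            findings.append(f"{name}: port {port.get('number')} is named "
                            f"'{pname}'; the thread suggests '{proto}-{pname}'")
    return findings

# Constructed samples modelled on the manifests posted in the thread.
HTTPBIN_NO_RESOLUTION = {
    "kind": "ServiceEntry", "metadata": {"name": "httpbin-ext"},
    "spec": {"hosts": ["httpbin.org"],
             "ports": [{"number": 80, "name": "http", "protocol": "HTTP"}]}}
HTTPBIN_DNS = {
    "kind": "ServiceEntry", "metadata": {"name": "httpbin-ext"},
    "spec": {"hosts": ["httpbin.org"], "resolution": "DNS",
             "ports": [{"number": 80, "name": "http", "protocol": "HTTP"}]}}
MYSQL_EXTERNAL = {
    "kind": "ServiceEntry", "metadata": {"name": "mysql-external"},
    "spec": {"hosts": ["db.example.invalid"], "addresses": ["192.0.2.10/32"],
             "location": "MESH_EXTERNAL",
             "ports": [{"name": "jdbc", "number": 3306, "protocol": "tcp"}]}}

if __name__ == "__main__":
    for m in (HTTPBIN_NO_RESOLUTION, HTTPBIN_DNS, MYSQL_EXTERNAL):
        print(m["metadata"]["name"], lint_service_entry(m))
```
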