Istio DestinationRule gives upstream connect error or disconnect/reset before headers
I am trying to get some basic routing between 2 applications deployed on a Google Cloud Kubernetes cluster, and I have this configuration:
apiVersion: v1
kind: Service
metadata:
  name: kubeapp
  labels:
    app: kubeapp
spec:
  ports:
  - port: 8080
    name: http
  selector:
    app: kubeapp
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kubeapp-v1
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: kubeapp
        version: kubeapp-v1
    spec:
      containers:
      - name: kubeapp-v1
        image: .......
        ports:
        - name: kubeapp-v1
          containerPort: 8080
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kubeapp-v2
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: kubeapp
        version: kubeapp-v2
    spec:
      containers:
      - name: kubeapp-v2
        image: .......
        ports:
        - name: kubeapp-v2
          containerPort: 8080
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: kubeapp-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kubeapp
spec:
  hosts:
  - "*"
  gateways:
  - kubeapp-gateway
  http:
  - route:
    - destination:
        host: kubeapp
        port: 8080
That works great and the traffic is split 50/50, but when I try to add some basic rules for lb, such as:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kubeapp
spec:
  hosts:
  - "*"
  gateways:
  - kubeapp-gateway
  http:
  - route:
    - destination:
        host: kubeapp
        port:
          number: 8080
        subset: kubeapp-v1
      weight: 90
    - destination:
        host: kubeapp
        port:
          number: 8080
        subset: kubeapp-v2
      weight: 10
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: kubeapp
spec:
  host: kubeapp
  subsets:
  - name: kubeapp-v1
    labels:
      version: kubeapp-v1
  - name: kubeapp-v2
    labels:
      version: kubeapp-v2
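I get upstream connect error or disconnect/reset before headers

I tried installing Istio in all 3 modes and deploying it on different cluster node sizes (I have seen that Istio sometimes has some bugs on certain specific cluster sizes), but without success.

A very common cause of this kind of problem is that your DestinationRule is causing an mTLS conflict. The issue is documented here.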
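
The mTLS conflict named in the answer, resolved on the client side; this is an added example, not part of the original question or answer. It assumes the mesh or namespace requires mutual TLS for kubeapp and that the Istio release in use does not apply auto mTLS.

```yaml
# Added example: the DestinationRule from the question plus a client-side TLS policy.
# Assumption: server-side sidecars for kubeapp only accept Istio mutual TLS.
# A DestinationRule that names the host takes precedence over a mesh-wide one
# and does not inherit its TLS settings, so without trafficPolicy.tls the
# ingress gateway sends plaintext to a sidecar that expects mTLS.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: kubeapp
spec:
  host: kubeapp
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL   # client sidecars originate Istio mTLS to kubeapp
  subsets:
  - name: kubeapp-v1
    labels:
      version: kubeapp-v1
  - name: kubeapp-v2
    labels:
      version: kubeapp-v2
```

Aligning the client policy this way keeps sidecar-to-sidecar authentication in place; relaxing the server side to accept plaintext would also clear the error but gives that up.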