Re: ISTIO + GKE

adecchi-2inno · 11-03-2022 01:04 PM

Hi GCP Users,

I am running istio 1.15.2 on GKE 1.24.3. I have an issue when I try to get some services via the private endpoint(Internal Ingress/ Internal ALB).
For example, If i execute the curl command from the container application I get the status code 404, If I execute the same curl command from the istio-proxy sidecar or VM in the private network I get the status code 200.
Then, if set the Host header and Port in the request it works from the container application I get 200:

curl -XGET http://10.10.7.5/test/health -H "Host: api-internal.mycompany.com:8080" -I

I was looking for the domain at config_dump and looks like this:

"name": "api-internal.mycompany.com:80", "domains": [ "api-internal.mycompany.com", "api-internal.mycompany.com:80" ]

The problem looks like it is the autority hedaer.

Not Working:

':authority', 'api-internal.mycompany.com' ':path', '/my-service/health' ':method', 'GET' 'user-agent', 'curl/7.83.1' 'accept', '*/*'

Working(when send host and port header):

:authority', 'api-internal.mycompany.com:8080' ':path', '/my-service/health' ':method', 'GET' ':scheme', 'http' 'user-agent', 'curl/7.83.1' 'accept', '*/*'

ErnestoC

It would be good for this problem if you could create a GCP support case within the Cloud Console. It would allow the support team to directly interact with your project and GKE configurations as might be needed.

adecchi-2inno

Thanks Ernesto for your reply, but at the moment I am evaluating the GKE Platform with ISTIO for future business cases. So, to get support for Google GCP I need get some kind of support based on the monthly charges. So, I decided to go for the google community help, that probably someone had this similar situation.

HectorArturo

Hello adecchi-2inno

If that is the case, the best solution would be to post a question in Stack Overflow or Server Fault.