Skip to content

Instantly share code, notes, and snippets.

@gotwarlost

gotwarlost/Dockerfile

Last active May 6, 2019 19:09
Show Gist options
  • Save gotwarlost/77cb404653acadc190c2e318085cc11b to your computer and use it in GitHub Desktop.
Save gotwarlost/77cb404653acadc190c2e318085cc11b to your computer and use it in GitHub Desktop.
Download ZIP
istio test of 2 services pointing to 2 container ports
Raw
deploy.yaml
apiVersion: v1
kind: Namespace
metadata:
name: twoports
labels:
istio-injection: enabled
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: twoports
namespace: twoports
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: twoports
namespace: twoports
labels:
app: twoports
spec:
selector:
matchLabels:
app: twoports
template:
metadata:
labels:
app: twoports
spec:
serviceAccountName: twoports
containers:
- name: twoports
image: gotwarlost/istio-test:latest
ports:
- containerPort: 8080
name: http-regular
protocol: TCP
- containerPort: 9090
name: http-admin
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: regular
namespace: twoports
labels:
app: regular-service
spec:
ports:
- name: http-regular
port: 80
targetPort: 8080
protocol: TCP
selector:
app: twoports
---
apiVersion: v1
kind: Service
metadata:
name: admin
namespace: twoports
labels:
app: admin-service
spec:
ports:
- name: http-admin
port: 80
targetPort: 9090
protocol: TCP
selector:
app: twoports
Raw
Dockerfile
FROM golang:1.10 as builder
COPY ./main.go /go/src/twoports/main.go
WORKDIR /go/src/twoports
ENV CGO_ENABLED 0
RUN go install .
# so we can get `curl`
FROM tutum/curl
COPY --from=builder /go/bin/twoports /usr/bin/twoports
ENTRYPOINT [ "/usr/bin/twoports" ]
Raw
main.go
package main
import (
"io"
"log"
"net/http"
)
func main() {
h1 := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
io.WriteString(w, "hello regular user\n")
})
h2 := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
io.WriteString(w, "hello admin user\n")
})
go func() {
log.Println("listening on 8080")
http.ListenAndServe(":8080", h1)
}()
log.Println("listening on 9090")
http.ListenAndServe(":9090", h2)
}
Raw
pilot-logs.md 
"pilot_conflict_inbound_listener": {
            "twoports-86b4c7cbb7-gl8pj.twoports": {
                "proxy": "twoports-86b4c7cbb7-gl8pj.twoports",
                "message": "Conflicting inbound listener:re.da.ct.ed:80. existing: admin.twoports.svc.cluster.local, incoming: regular.twoports.svc.cluster.local"
            }
        },
Raw
testing.md 
$ kc exec -ti -c twoports  twoports-86b4c7cbb7-gl8pj -- curl -v http://regular
* Rebuilt URL to: http://regular/
* Hostname was NOT found in DNS cache
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: regular
> Accept: */*
>
< HTTP/1.1 503 Service Unavailable
< content-length: 57
< content-type: text/plain
< date: Sun, 05 May 2019 18:59:41 GMT
* Server envoy is not blacklisted
< server: envoy
<
* Connection #0 to host regular left intact
upstream connect error or disconnect/reset before headers

$ kc exec -ti -c twoports  twoports-86b4c7cbb7-gl8pj -- curl -v http://admin
* Rebuilt URL to: http://admin/
* Hostname was NOT found in DNS cache
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: admin
> Accept: */*
>
< HTTP/1.1 200 OK
< date: Sun, 05 May 2019 18:59:47 GMT
< content-length: 17
< content-type: text/plain; charset=utf-8
< x-envoy-upstream-service-time: 0
* Server envoy is not blacklisted
< server: envoy
<
hello admin user
* Connection #0 to host admin left intact
@mbanikazemi
Copy link

mbanikazemi commented May 6, 2019
edited
Loading

Hmm. This works for me.
The only difference is I have the pod in default namespace. Does it work for you in the default namespace?

I see two listeners and no conflict error in the logs.

$ ./istioctl  proxy-config listeners --context ${CLUSTER3} twoports-8699b4b9db-6jq8m
172.x.x.x      8080      HTTP
172.x.x.x      9090      HTTP

$ kubectl -c twoports  --context $CLUSTER3 exec -ti twoports-8699b4b9db-6jq8m -- curl -v http://admin
* Rebuilt URL to: http://admin/
* Hostname was NOT found in DNS cache
*   Trying 172.21.41.103...
* Connected to admin (172.21.41.103) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: admin
> Accept: */*
>
< HTTP/1.1 200 OK
< date: Mon, 06 May 2019 19:02:46 GMT
< content-length: 17
< content-type: text/plain; charset=utf-8
< x-envoy-upstream-service-time: 0
* Server envoy is not blacklisted
< server: envoy
<
hello admin user
* Connection #0 to host admin left intact


$ kubectl -c twoports  --context $CLUSTER3 exec -ti twoports-8699b4b9db-6jq8m -- curl -v http://regular
* Rebuilt URL to: http://regular/
* Hostname was NOT found in DNS cache
*   Trying 172.21.117.200...
* Connected to regular (172.21.117.200) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: regular
> Accept: */*
>
< HTTP/1.1 200 OK
< date: Mon, 06 May 2019 19:02:58 GMT
< content-length: 19
< content-type: text/plain; charset=utf-8
< x-envoy-upstream-service-time: 0
* Server envoy is not blacklisted
< server: envoy
<
hello regular user
* Connection #0 to host regular left intact

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment