Describe the bug
We rely on Istio Gateway to point the traffic into the cluster. Through our testing, we found out unready Envoy process can be added to the fleet to receive the traffic. This will result to Connection Refused at the client side.
More alarmingly, we also found out that sometimes Envoy process fail to establish a connection with the pilot, please see the log from the gateway pod below:
Expected behavior
Only healthy gateway should be added to the fleet to receive traffic.
Steps to reproduce the bug
Deploy the istio gateway and expose it as a NodePort service. Scale up the gateway multiple times while sending some traffic to the gateway, you should be able to reproduce the bug.
I added the readinessProbe manually and it reduced the ConnectionRefuse errors but sometimes as the above error log showed, Envoy proxy fails to start and still result ConnectionRefuse.
Version
Kubernetes: 1.12
Istio: 1.1-snapshot-4
Installation
Using Helm
Environment
4.14.67-coreos
Describe the bug
We rely on Istio Gateway to point the traffic into the cluster. Through our testing, we found out unready Envoy process can be added to the fleet to receive the traffic. This will result to
Connection Refusedat the client side.More alarmingly, we also found out that sometimes Envoy process fail to establish a connection with the pilot, please see the log from the gateway pod below:
Expected behavior
Only healthy gateway should be added to the fleet to receive traffic.
Steps to reproduce the bug
Deploy the istio gateway and expose it as a NodePort service. Scale up the gateway multiple times while sending some traffic to the gateway, you should be able to reproduce the bug.
I added the
readinessProbemanually and it reduced theConnectionRefuseerrors but sometimes as the above error log showed, Envoy proxy fails to start and still resultConnectionRefuse.Version
Kubernetes: 1.12
Istio: 1.1-snapshot-4
Installation
Using Helm
Environment
4.14.67-coreos