How to solve 'upstream connect error or disconnect/reset before headers. reset reason: connection termination' in Istio?
Problem
I am trying to set up an AWS load balancer (ELB) with SSL, following the instructions at #6566.
The certificate was attached to the ELB.
However, I got the issue "upstream connect error or disconnect/reset before headers. reset reason: connection termination" when trying to access our web in a browser.
Our setup without SSL worked before.
I use a custom values.yaml to install Istio (helm template):

helm template ./istio/install/kubernetes/helm/istio --name istio \
  --namespace istio-system --values ./mesh/values.yaml | kubectl apply -f -

I have inserted the annotations below into the gateways tag:

istio-ingressgateway:
  serviceAnnotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-southeast-1:xxxxx:certificate/my-crt"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"

Here is my gateway.yaml:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-gateway
spec:
  selector:
    istio: ingressgateway #default istio ingressgateway
  servers:
  - port:
      number: 80
      name: http-istio-gateway
      protocol: HTTP
    hosts:
    - "*"
    tls:
      httpsRedirect: true
  - port:
      number: 443
      name: https-istio-gateway
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: api-gateway
spec:
  gateways:
  - istio-gateway
  hosts:
  - "*"
  http:
  - match:
    - uri:
        prefix: /socket.io/
    route:
    - destination:
        host: api-gateway-ws.default.svc.cluster.local
        port:
          number: 5001
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: api-gateway.default.svc.cluster.local
        port:
          number: 5000

Solution
I encountered the same error but with a different issue. The Service port needed a name added to it: https://github.com/istio/istio/issues/19966. And they need to follow the format (protocol-suffix): https://istio.io/docs/ops/deployment/requirements/

ports:
- name: https # Use http or https
  protocol: TCP
  port: 8080
  targetPort: 8080

Context
StackExchange DevOps Q#8167, answer score: 7
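
A check for the port-naming requirement described in the answer, as an added example that is not part of the original question or answer. It scans a Service list in the shape of `kubectl get svc -o json` output and reports ports whose names do not follow `<protocol>[-<suffix>]`. The function name `check_service_ports`, the protocol list (taken from Istio's protocol selection documentation), the `appProtocol` handling and the sample Services are assumptions; the asker's real Service manifests are not shown on the page.

```python
import json
import re

# Protocol prefixes Istio recognises in a Service port name: <protocol>[-<suffix>].
ISTIO_PROTOCOLS = ("grpc-web", "grpc", "http2", "https", "http", "mongo",
                   "mysql", "redis", "tcp", "tls", "udp")
NAME_RE = re.compile(r"^(%s)(-.*)?$" % "|".join(ISTIO_PROTOCOLS))


def check_service_ports(service_list):
    """Return (namespace, service, port, problem) for ports Istio cannot classify by name."""
    findings = []
    for svc in service_list.get("items", []):
        meta = svc.get("metadata", {})
        for port in svc.get("spec", {}).get("ports", []):
            # Assumption: newer Istio releases read an explicit appProtocol
            # in preference to the port name, so such ports are skipped.
            if port.get("appProtocol"):
                continue
            name = port.get("name")
            if not name:
                problem = "unnamed port"
            elif not NAME_RE.match(name):
                problem = "name %r lacks a protocol prefix" % name
            else:
                continue
            findings.append((meta.get("namespace", "default"), meta.get("name"),
                             port.get("port"), problem))
    return findings


# Constructed sample (not the asker's real manifests), shaped like `kubectl get svc -o json`.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "api-gateway", "namespace": "default"},
  "spec": {"ports": [{"port": 5000, "targetPort": 5000, "protocol": "TCP"}]}},
 {"metadata": {"name": "api-gateway-ws", "namespace": "default"},
  "spec": {"ports": [{"name": "socket", "port": 5001, "protocol": "TCP"}]}},
 {"metadata": {"name": "fixed", "namespace": "default"},
  "spec": {"ports": [{"name": "https", "port": 8080, "protocol": "TCP"}]}}
]}
""")

if __name__ == "__main__":
    for ns, svc, port, problem in check_service_ports(SAMPLE):
        print("%s/%s port %s: %s" % (ns, svc, port, problem))
```

To run it against a cluster, load the output of `kubectl get svc --all-namespaces -o json` with `json.load` and pass it to `check_service_ports` in place of `SAMPLE`.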