0

I'm trying to deploy the most simple demo app. Two services foo-service and bar-service - both listen on 8080.

Now I want to visit http://localhost/foo and http://localhost/bar and see them.

Here's the end to end code for what I'm trying (on Windows using Podman rootful if it matters):

kind create cluster --config=config.yaml
helm repo add istio https://istio-release.storage.googleapis.com/charts
helm repo update
helm install istio-base istio/base -n istio-system --set defaultRevision=default --create-namespace
# Now install Istio proper
helm install istiod istio/istiod -n istio-system --wait
# Ensure all is running
kubectl get deployments -n istio-system --output wide
# Label the default namespace to allow istio injection into workload pods
kubectl label namespace default istio-injection=enabled
# Create an ingress gateway
helm install istio-ingress istio/gateway -n istio-ingress --create-namespace --wait
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0/standard-install.yaml
kubectl apply -f deploy.yaml
# Apply the Gateway and routes
kubectl apply -f gateway.yaml
kubectl apply -f httproutes.yaml

Note: I've tried the Gateway both with and without the ClusterIP + NodePort annotation. If I don't have it, the gateway is never Programmed.

Debugging

kubectl get pods
NAME READY STATUS RESTARTS AGE
bar-app 2/2 Running 0 3h28m
foo-app 2/2 Running 0 3h28m
httpbin-gateway-istio-6cbdf844bd-z2crc 1/1 Running 0 3h25m
kubectl -n istio-ingress get svc 
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingress LoadBalancer 10.96.111.158 <pending> 15021:31480/TCP,80:32540/TCP,443:32564/TCP 3h30m
kubectl -n istio-ingress get pods
NAME READY STATUS RESTARTS AGE
istio-ingress-7d986cc748-m42rb 1/1 Running 0 3h30m
% kubectl -n istio-system get pods 
NAME READY STATUS RESTARTS AGE
istiod-5f4c88d79-wf9qw 1/1 Running 0 3h32m
kubectl -n istio-system get svc 
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istiod ClusterIP 10.96.60.79 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 3h32m

cluster.yaml

I've tried this with and without the kubeadm patches

apiVersion: kind.x-k8s.io/v1alpha4
kind: Cluster
nodes:
- role: control-plane
 image: kindest/node:v1.30.0
 kubeadmConfigPatches:
 - |
 kind: InitConfiguration
 nodeRegistration:
 kubeletExtraArgs:
 node-labels: "ingress-ready=true"
 extraPortMappings:
 - containerPort: 80
 hostPort: 80

gateway.yaml

# Important note: A Gateway doesn't define any routes
# This is literally 'the way in' to the cluster
# You ALSO need HTTPRoute(s)
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
 name: httpbin-gateway
 namespace: default
 # annotations:
 # networking.istio.io/service-type: ClusterIP
spec:
 gatewayClassName: istio
 
 listeners:
 - name: http
 port: 80
 protocol: HTTP
 allowedRoutes:
 namespaces:
 from: All

http routes

---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
 name: httpbin-foo-route
 namespace: default
spec:
 parentRefs:
 - name: httpbin-gateway
 rules:
 - matches:
 - path:
 type: Exact
 value: /foo
 backendRefs:
 - name: foo-service
 port: 8080
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
 name: httpbin-bar-route
 namespace: default
spec:
 parentRefs:
 - name: httpbin-gateway
 rules:
 - matches:
 - path:
 type: Exact
 value: /bar
 backendRefs:
 - name: bar-service
 port: 8080

deploy.yaml

kind: Pod
apiVersion: v1
metadata:
 name: foo-app
 labels:
 app: foo
spec:
 containers:
 - command:
 - /agnhost
 - serve-hostname
 - --http=true
 - --port=8080
 image: registry.k8s.io/e2e-test-images/agnhost:2.39
 name: foo-app
---
kind: Service
apiVersion: v1
metadata:
 name: foo-service
spec:
 selector:
 app: foo
 ports:
 # Default port used by the image
 - port: 8080
---
kind: Pod
apiVersion: v1
metadata:
 name: bar-app
 labels:
 app: bar
spec:
 containers:
 - command:
 - /agnhost
 - serve-hostname
 - --http=true
 - --port=8080
 image: registry.k8s.io/e2e-test-images/agnhost:2.39
 name: bar-app
---
kind: Service
apiVersion: v1
metadata:
 name: bar-service
spec:
 selector:
 app: bar
 ports:
 # Default port used by the image
 - port: 8080

After all that, calls to http://localhost/foo don't resolve. What am I missing?

asked May 19, 2025 at 8:58

0

Know someone who can answer? Share a link to this question via email, Twitter, or Facebook.

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.