Need help troubleshooting Istio IngressGateway HTTP ERROR 503

As 503 often occurs and it´s hard to find the issue I set up little troubleshooting answer, there are another questions with 503 error which I encountered for several months with answers, useful informations from istio documentation and things I would check.

Examples with 503 error:

• Istio 503:s between (Public) Gateway and Service
• IstIO egress gateway gives HTTP 503 error
• Istio Ingress Gateway with TLS termination returning 503 service unavailable
• how to terminate ssl at ingress-gateway in istio?
• Accessing service using istio ingress gives 503 error when mTLS is enabled

Common cause of 503 errors from istio documentation:

• https://istio.io/docs/ops/best-practices/traffic-management/#avoid-503-errors-while-reconfiguring-service-routes
• https://istio.io/docs/ops/common-problems/network-issues/#503-errors-after-setting-destination-rule
• https://istio.io/latest/docs/concepts/traffic-management/#working-with-your-applications

Few things I would check first:

• Check services ports name, Istio can route correctly the traffic if it knows the protocol. It should be <protocol>[-<suffix>] as mentioned in istiodocumentation.
• Check mTLS, if there are any problems caused by mTLS, usually those problems would result in error 503.
• Check if istio works, I would recommend to apply bookinfo application example and check if it works as expected.
• Check if your namespace is injected with kubectl get namespace -L istio-injection
• If the VirtualService using the subsets arrives before the DestinationRule where the subsets are defined, the Envoy configuration generated by Pilot would refer to non-existent upstream pools. This results in HTTP 503 errors until all configuration objects are available to Pilot.

Hope you find this useful.