0

I found out that istio is moving toward Kubernetes Gateway API, so i decided to to use Kubernetes Gateway API with Istio.

With much research i came up with following

---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: istio-gateway
  namespace: istio-ingress
  annotations:
    # Cert Manager specific: only if you automatically issue certificate
    # when ready, switch to production-cluster-issuer
    cert-manager.io/cluster-issuer: staging-cluster-issuer
spec:
  addresses:
    - value: 34.98.116.35   <--- This is what causes LB not to be created
      type: IPAddress
  gatewayClassName: istio
  listeners:
    - name: staging-https
      protocol: HTTPS
      port: 443
      hostname: "staging.api.ipos.app"
      tls:
        mode: Terminate
        certificateRefs:
          - kind: Secret
            group:
            name: ipos-app-cert
      allowedRoutes:
        namespaces:
          from: All
    - name: qa-https
      protocol: HTTPS
      port: 443
      hostname: "qa.api.ipos.app"
      tls:
        mode: Terminate
        certificateRefs:
          - kind: Secret
            group:
            name: ipos-app-cert
      allowedRoutes:
        namespaces:
          from: All

Whenever addresses is removed, a Network (target pool-based) regional Load Balancer is created with a random IP address is provisioned.

Problem is i have a reserved IP address that i would want to be used be the auto-provisioned Load Balancer. Though whenever i add below code, the Load balancer is never provisioned

addresses:
  - value: 34.98.116.35   <--- This is what causes LB not to be created
    type: IPAddress
David Maze
  • 130,717
  • 29
  • 175
  • 215
Yunus Einsteinium
  • 1,102
  • 4
  • 21
  • 55

2 Answers2

0

If you want to use a reserved IP address for your auto-provisioned Load Balancer, Can you try to set the type field of the addresses field to LoadBalancer and specify the IP address you want to use in the value field. For example:

address:
  - type: LoadBalancer
    value: 34.98.116.35

Once you have done this, the Load Balancer should be created and the specified IP address should be used. Refer to this istio doc by samarth0157

Hemanth Kumar
  • 2,728
  • 1
  • 4
  • 19
0

We came to realize the problem is not in the Kubernetes Gateway manifest file. Mistake we did is reserve a global IP address, and assign the global IP address to the Gateway.

The Gateway expected a regional IP address in the same region as the cluster. So the below code works

addresses:
  - value: 34.98.116.35   <--- This must be Regional IP to work with Istio
    type: IPAddress
Yunus Einsteinium
  • 1,102
  • 4
  • 21
  • 55