Issues Setting Up Istio Gateway

Dmitriy

7/28/23, 8:07 PM

I have an AKS cluster with 2 nodes

Node A. 10.216.6.229 Node B. 10.216.6.230

We do not have External Load Balancer, so Istio Gateway EXTERNAL-IP is . As per Get Started documentation, I used command below to get INGRESS-HOST, which was set to Node A IP of 10.216.6.229. After completing the Get Started steps I can open sample app BookInfo on http://10.216.6.229:30438/productpage

export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')

Here’s the questions I have

For some reason http://10.216.6.230:30438/productpage is also responding. I don’t understand how the traffic is routed to Node B address.
What happens if Node A with IP 10.216.6.229 crashes and is restarted with a different IP address?
Is Node Port a proper configuration for production environment?
Can I install Istio with EXTERNAL-IP configured? I was able to do this with NGinx.

Thanks for the information.

EDIT 1

I am still struggling with this. I have tried to install Istio with loadBalancerIP, and I get error message below

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  profile: demo
  components:
    ingressGateways:
      - name: istio-ingressgateway
        enabled: true
        k8s:
          service:
            loadBalancerIP: 10.215.5.254

Event message: Error syncing load balancer: failed to ensure load balancer: findMatchedPIPByLoadBalancerIP: cannot find public IP with IP address 10.215.5.254 in resource group rg_mc_kub11618np01

My subnet is 10.215.5.224/27

0 + 0

istio

Score:1

Server

Bhaskar Gogoi

2/24/24, 9:10 AM

Firstly, you need to create a Public IP Address which should depend on the AKS cluster.

I have used Pulumi as IaC tool for creating public IP Address and added the option dependsOn with the cluster information.

Initialize the istio operator as follows:

istioctl operator init

And then, you use the public Address ipAddress inside this like the following:

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: istiocontrolplane
  namespace: istio-system
spec:
  profile: demo
  components:
    ingressGateways:
      - name: istio-ingressgateway
        enabled: true
        k8s:
          service:
            loadBalancerIP: <publicIPAddress.ipAddress>

Or you can directly call like the following:

kubectl apply -f - <<EOF
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: istiocontrolplane
spec:
  profile: demo
  components:
    ingressGateways:
      - name: istio-ingressgateway
        enabled: true
        k8s:
          service:
            loadBalancerIP: <publicIPAddress.ipAddress>
EOF

This way istio is associated with your AKS cluster and follow the steps accordingly. I hope this helps :)

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Issues Setting Up Istio Gateway

TH: ปัญหาการตั้งค่า Istio Gateway

RO: Probleme la configurarea Istio Gateway

RU: Проблемы с настройкой шлюза Istio

VI: Sự cố khi thiết lập Cổng Istio

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.