Created
June 4, 2019 17:20
-
-
Save mandarjog/2e469e49d095f92f1f3a40996b9115b9 to your computer and use it in GitHub Desktop.
GCLB Istio-addon 1.1.3 NodePort gateway
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Istio 1.1.3 Istio-add-on does not support a NodePort option for gateway. | |
| We therefore clone the istio-ingressgateway as istio-ingressgateway-private | |
| 1. Clone istio-ingressgateway service | |
| a. Modify name | |
| b. Remove all unnecessary config | |
| %> kubectl -n istio-system get svc istio-ingressgateway -o yaml | sed -e 's/istio-ingressgateway/istio-ingressgateway-private/g' -e '/clusterIP/d' -e '/nodePort/d' -e '/targetPort/d' -e 's/type: LoadBalancer/type: NodePort/g' -e '/addonmanager.kubernetes.io/d' -e '/kubernetes.io\/cluster-service/d' > private-svc.yaml | |
| 2. Clone istio-ingressgateway deployment | |
| %> kubectl -n istio-system get deployment istio-ingressgateway -o yaml | sed -e 's/istio-ingressgateway$/istio-ingressgateway-private/g' -e '/addonmanager.kubernetes.io/d' > private-deployment.yaml | |
| 3. Find out the NodePort assigned to status-port 15020 | |
| kubectl --namespace istio-system get svc istio-ingressgateway-private -o jsonpath={.spec.ports[?(@.port==15020)].nodePort} | |
| 4. Create ingress resource to point to istio-ingressgateway-private service | |
| ``` | |
| apiVersion: extensions/v1beta1 | |
| kind: Ingress | |
| name: istio-ingres-private | |
| namespace: istio-system | |
| spec: | |
| backend: | |
| serviceName: istio-ingressgateway-private | |
| servicePort: 80 | |
| ``` | |
| 5. Configure GCLB health check | |
| Update Port: NodePort corresponding to → 15020 | |
| Path: /healthz/ready |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment