An Istio ingress resource that uses ALB and header based auth, handy to serve Kubeflow traffic to non-humans

istio-ingress-api.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=180
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/certificate-arn: 'arn:aws:acm:eu-west-1:1234123xxx:certificate/66e23eea-39bc-45fa-67b7-xxx'
    alb.ingress.kubernetes.io/conditions.istio-ingressgateway: '[{"Field":"http-header","HttpHeaderConfig":{"HttpHeaderName": "x-api-key", "Values":["aRandomStringxxx", "anotherRandomStringxxx"]}}]'
    alb.ingress.kubernetes.io/actions.istio-ingressgateway: '{"Type":"forward","ForwardConfig":{"TargetGroups":[{"ServiceName":"istio-ingressgateway","ServicePort":"80","Weight":100}]}}'
    kubernetes.io/ingress.class: alb
  name: istio-ingress-api
  namespace: istio-system
spec:
  rules:
    - http:
        paths:
          - backend:
              service:
                name: istio-ingressgateway
                port:
                  number: 80
            path: /
            pathType: Prefix