Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Istio 1.1.3 Istio-add-on does not support a NodePort option for gateway.
- We therefore clone the istio-ingressgateway as istio-ingressgateway-private
- 1. Clone istio-ingressgateway service
- a. Modify name
- b. Remove all unnecessary config
- %> kubectl -n istio-system get svc istio-ingressgateway -o yaml | sed -e 's/istio-ingressgateway/istio-ingressgateway-private/g' -e '/clusterIP/d' -e '/nodePort/d' -e '/targetPort/d' -e 's/type: LoadBalancer/type: NodePort/g' -e '/addonmanager.kubernetes.io/d' -e '/kubernetes.io\/cluster-service/d' > private-svc.yaml
- 2. Clone istio-ingressgateway deployment
- %> kubectl -n istio-system get deployment istio-ingressgateway -o yaml | sed -e 's/istio-ingressgateway$/istio-ingressgateway-private/g' -e '/addonmanager.kubernetes.io/d' > private-deployment.yaml
- 3. Find out the NodePort assigned to status-port 15020
- kubectl --namespace istio-system get svc istio-ingressgateway-private -o jsonpath={.spec.ports[?(@.port==15020)].nodePort}
- 4. Create ingress resource to point to istio-ingressgateway-private service
- ```
- apiVersion: extensions/v1beta1
- kind: Ingress
- name: istio-ingres-private
- namespace: istio-system
- spec:
- backend:
- serviceName: istio-ingressgateway-private
- servicePort: 80
- ```
- 5. Configure GCLB health check
- Update Port: NodePort corresponding to → 15020
- Path: /healthz/ready
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement