Istio 1.1.3 Istio-add-on does not support a NodePort option for gateway.We ther

1. Istio 1.1.3 Istio-add-on does not support a NodePort option for gateway.
2. We therefore clone the istio-ingressgateway as istio-ingressgateway-private
3.  
4. 1. Clone istio-ingressgateway service
5. a. Modify name
6. b. Remove all unnecessary config
7.  
8. %> kubectl -n istio-system get svc istio-ingressgateway -o yaml | sed -e 's/istio-ingressgateway/istio-ingressgateway-private/g' -e '/clusterIP/d' -e '/nodePort/d' -e '/targetPort/d' -e 's/type: LoadBalancer/type: NodePort/g' -e '/addonmanager.kubernetes.io/d' -e '/kubernetes.io\/cluster-service/d' > private-svc.yaml
9.  
10. 2. Clone istio-ingressgateway deployment
11. %> kubectl -n istio-system get deployment istio-ingressgateway -o yaml | sed -e 's/istio-ingressgateway$/istio-ingressgateway-private/g' -e '/addonmanager.kubernetes.io/d' > private-deployment.yaml
12.  
13. 3. Find out the NodePort assigned to status-port 15020
14. kubectl --namespace istio-system get svc istio-ingressgateway-private -o jsonpath={.spec.ports[?(@.port==15020)].nodePort}
15.  
16. 4. Create ingress resource to point to istio-ingressgateway-private service
17. ```
18. apiVersion: extensions/v1beta1
19. kind: Ingress
20. name: istio-ingres-private
21. namespace: istio-system
22. spec:
23. backend:
24. serviceName: istio-ingressgateway-private
25. servicePort: 80
26. ```
27. 5. Configure GCLB health check
28. Update Port: NodePort corresponding to → 15020
29. Path: /healthz/ready