问题
I am trying to setup ALB load balancer instead of default ELB loadbalancer in Kubernetes AWS.The loadbalancer has to be connected to the istio ingressgateway.I looked for solutions and only found one. But the istio version mentioned is V1 and there has been so many changes in istio now.I tried to change service type to nodeport in the chart (according to the blog)but still the service comes as a Loadbalancer.
Can someone mention steps how to configure ALB for istio ingressgateway?
Thanks for reading
回答1:
Step 1 : Change istioingresssgateway service type as nodeport
Step 2 : Install ALB ingress controller
Step 3 : Write ingress.yaml for istioingressgateway as follows:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
namespace: istio-system
name: ingress
labels:
app: ingress
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/subnets: <subnet1>,<subnet2>
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: istio-ingressgateway
servicePort: 80
alb.ingress.kubernetes.io/subnets annotation can be avoided if you labelled subnet of vpc with :
kubernetes.io/cluster/: owned
kubernetes.io/role/internal-elb: 1 (for internal ELB)
kubernetes.io/role/elb: 1 (for external ELB)
or else you can provide two subnet values and each subnet should be in different availability zone in the above yaml
It worked in Istio 1.6
回答2:
I can confirm solution by tibin_tomy worked for me on Istio 1.7.4. Additionally I used ClusterIP under step 1 instead of NodePort.
Step1 - Change istioingresssgateway service type to ClusterIP (Installing Istio using IstioOperator):
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: istio
spec:
profile: default
components:
ingressGateways:
- name: istio-ingressgateway
k8s:
service:
type: ClusterIP # Disable classic load balancer creation (default), routing to here will be done via Kubernetes Ingress resource
NOTE: Deploy "Ingress" in the same namespace as istio-ingressgateway (istio-system by default). For example if istio-ingressgateway is in namespace istio-system and Ingress is in namespace system, then aws-alb-ingress-controller errors with:
"kubebuilder/controller "msg"="Reconciler error" "error"="failed to reconcile targetGroups due to failed to load serviceAnnotation due to no object matching key "system/istio-ingressgateway" in local store" "controller"="alb-ingress-controller" "request"={"Namespace":"system","Name":"sonata-ingress"}"
来源:https://stackoverflow.com/questions/62407364/how-to-set-aws-alb-instead-of-elb-in-istio