Ingress Gateway as a Load Balancer in a non Cloud Environment

Hello, I’ am having a issue related to Istio’s configuration. I have a local server which is running a Kubernetes 1.17.2 in a Rancher v2.3.5 with Istio 1.4.4 and I managed to configure it properly. One of my pods have a webserver which I can access to it throught the Ingress Gateway. The problem is that in order to use the ingress Gateway , all of my virtual hosts need to be especified the following ports: HTTP/31380 and HTTPS/31390. So for instance:

I want to access to https://www.example.com instead of https://www.example.com:31390 which is very tedious, especially because I have a lot of Virtual Hosts and it would be a big difference in the Development enviroment in comparision to Production environment (implemented in GCP).

Is there any way that I can use the Ingress Gateway as a Load Balancer in a non Cloud Environment (Local Server) ?

Hello,

I’ve done that with a service and ingress.
The service is binding ports as NodePort (On every node) with a random port.

In the ingress, I use the binding name of the service (so when the random port changes it still works).
If you use https, you will have either to SSL/TLS termination or add the ssl passthrough annotation.

Torpi

Hello Torpi,

Thanks a lot for your answer, I’ve done what you suggested me but in that way the traffic goes throught the Ingress (nginx-load-balancer) instead of the Istio Ingress Gateway. I noticed that using Kali.

Agustin

My bad, I understood the nginx ingress rather than istio ingress gateway. Sorry for the confusion.

I guess you enabled the gateway in istio settings already and have it working with nodeports, right? https://rancher.com/docs/rancher/v2.x/en/cluster-admin/tools/istio/setup/gateway/

I’ve not played with it but my guess would be to set Port of istio controller to 443 in service spec:

spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
    - port:
        number: 443

and configure your route destination properly in the virtual service.

Torpi