Istio-ingress behind Google cloud Layer 7 load balancer

0
votes

Problem I am facing is that my istio-ingressgateway is working perfectly file at network layer load balancer(L4 loadbalancer or TCP load balancer) but when i connect istio-ingressgateway to Layer7 load balancer by attaching nodePort at backend service.after that http to https redirection not working properly its always give Response code 301 even when i request using https protocol.

2
google-cloud-platformistiogoogle-cloud-load-balancer
Do you use GKE? or a custom K8S deployment? - guillaume blaquiere
I am using GKE. @guillaumeblaquiere - Bhavya Jain
Do you use the istio Add-on? Or do you install Istio by yourself ? - guillaume blaquiere
i installed it by my self @guillaumeblaquiere - Bhavya Jain
Just to understand well. You have an ingress-gateway define by Istio. This gateway has spawn an TCP load balancer on GCP. You have expose a service as NodePort, define an istio gateway and an istio virtual service and you can reach your service through the TCP load balancer. Now, you want to create an HTTP loadbalancer, to define the instance group as backend and reach it in HTTP and HTTPS. Am I correct? The backend is healthy but the response is 301. How do you test your HTTP loadbalancer ? Curl? Via Browser? - guillaume blaquiere

2 Answers

1
votes

I successfully configured the same architecture. Here the step to reproduce:

  • Deploy a GKE cluster. Either with Istio, or with istio installed afterward.
  • Get the Istio-ingressgateway nodeport for http:
kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}'
  • Create a Global Loadbalancer
  • Create a backend service and select your cluster InstanceGroup.
  • Set the istio-ingressgateway nodeport as port
  • Create an health check, on the same nodeport value, in TCP mode
  • Configure your URL path
  • Validate and wait 5-10 minutes for letting the time to the health check to validate your configuration and to route the traffic

Now, you can reach your K8S cluster, through the Istio Nodeport with the global load balancer. Deploy a service on Istio, you could reach it through the Global Loadbalancer.

1
votes

There is an issue on GitHub, Please check: https://github.com/istio/istio/issues/17980