0

Problem I am facing is that my istio-ingressgateway is working perfectly file at network layer load balancer(L4 loadbalancer or TCP load balancer) but when i connect istio-ingressgateway to Layer7 load balancer by attaching nodePort at backend service.after that http to https redirection not working properly its always give Response code 301 even when i request using https protocol.

2 Answers2

1

I successfully configured the same architecture. Here the step to reproduce:

  • Deploy a GKE cluster. Either with Istio, or with istio installed afterward.
  • Get the Istio-ingressgateway nodeport for http:
kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}'
  • Create a Global Loadbalancer
  • Create a backend service and select your cluster InstanceGroup.
  • Set the istio-ingressgateway nodeport as port
  • Create an health check, on the same nodeport value, in TCP mode
  • Configure your URL path
  • Validate and wait 5-10 minutes for letting the time to the health check to validate your configuration and to route the traffic

Now, you can reach your K8S cluster, through the Istio Nodeport with the global load balancer. Deploy a service on Istio, you could reach it through the Global Loadbalancer.

guillaume blaquiere
  • 66,369
  • 2
  • 47
  • 76
  • did you try https redirection with L7 load balancer ? Because i am able to connect application with L7 load balancer but HTTPS redirection not working properly – Bhavya Jain Oct 31 '19 at 06:02
  • @gguillaume-blaquiere why the health check has to be in TCP mode? Can't we use a HTTP health check? I tried your approach with a HTTP health check that checks ```/healthz/ready``` path of istio-ingressgateway, health check passes but app returns 404. – bakadevops Jan 10 '22 at 04:24
1

There is an issue on GitHub, Please check: https://github.com/istio/istio/issues/17980

pavansh
  • 11
  • 1