0

Is it possible to assign a LoadbalancerIP to the ingressgateway using metalLB? Given this yaml it throws an error about loadBalancerIP ("unknown field "loadBalancerIP" in io.istio.networking.v1alpha3.Gateway.spec"), I can get around it by using the '--validate=false' flag but metalLB is not assigning the right IP address?

test.yaml:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
spec:
  loadBalancerIP: 10.0.0.242
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  hosts:
  - "*"
  gateways:
  - httpbin-gateway
  http:
  - match:
    - uri:
        prefix: /headers
    route:
    - destination:
        port:
          number: 8000
        host: httpbin

layer2.yaml:

apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: nips
      protocol: layer2
      addresses:
      - 10.0.0.206-10.0.0.225
      auto-assign: true
    - name: mainips
      protocol: layer2
      addresses:
      - 10.0.0.230-10.0.0.239
      auto-assign: false
    - name: cheapips
      protocol: layer2
      addresses:
      - 10.0.0.240-10.0.0.249
      auto-assign: false
    - name: web 
      protocol: layer2
      addresses:
      - 10.0.0.203-10.0.0.205
      auto-assign: false

running the kubectl commands:

$ kubectl apply -f /tmp/test.yaml
error: error validating "/tmp/test.yaml": error validating data: ValidationError(Gateway.spec): unknown field "loadBalancerIP" in io.istio.networking.v1alpha3.Gateway.spec; if you choose to ignore these errors, turn validation off with --validate=false
$ kubectl apply --validate=false -f /tmp/test.yaml
gateway.networking.istio.io/httpbin-gateway created
virtualservice.networking.istio.io/httpbin created

$ kubectl get svc -n istio-system -o wide istio-ingressgateway
NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                                      AGE   SELECTOR
istio-ingressgateway   LoadBalancer   10.108.199.32   10.0.0.206   15021:31659/TCP,80:30780/TCP,443:30769/TCP   17h   app=istio-ingressgateway,istio=ingressgateway

Notice it got the wrong EXTERNAL-IP address from MetalLB.

thoth
  • 1,112
  • 2
  • 9
  • 15
  • Which version of Kubernetes and Istio did you use and how did you set up the cluster? Did you use bare metal installation or some cloud providor? It is important to reproduce your problem. – Mikołaj Głodziak Dec 13 '21 at 12:26
  • k8s 1.22.4, and used kubeadm on baremetal – thoth Dec 13 '21 at 15:07
  • From What I know, you need to do that in the istio service and that could be manage in the istio installation options, How did you install istio? – c4f4t0r Dec 14 '21 at 13:32

1 Answers1

1

I think you need to set the IP address on the ingressGateway with an IstioOperator when installing Istio. not on your virtual gateway.

Create a yaml file with your config:

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  components:
    ingressGateways:
    - name: istio-ingressgateway
      enabled: true
      k8s:
        service:
          type: LoadBalancer
          loadBalancerIP: 10.0.0.242

If you don't supply an operator when installing Istio at the moment, the default config will be used so make sure you add any values you would like to keep to the ingressGateway part. This config will be merged with the default.

To get your current config:

kubectl get istiooperators.install.istio.io -n istio-system installed-state -o yaml

Then apply this config when installing Istio:

istioctl install \
    -f k8s/istio/gateways.yaml

All options for the IstioOperator:

https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/

Jeroen
  • 1,991
  • 2
  • 16
  • 32