I have a cluster that loses kube worker nodes every so often (I'm are moving away from this service provider for this reason), but I'd still like to harden Istio from going down when we a kube node. The problem seems to be that if the node dies that Istio has created the ingress gateway pod on, the services goes down until that node comes back up. Is there a way to scale the ingress gateway to multiple pods and give an affinity so it doesn't get scheduled on the same node? That way if we lose a kube worker node, we don't lose all our services on that gateway.
I've also thought about adding two gateways, but then they'd have different IPs and I'd have to deal with that upstream (not the end of the world I guess), but was hoping Istio had a solution to this.
Version
$ istio-1.13.1/bin/istioctl version
client version: 1.13.1
control plane version: 1.13.1
data plane version: 1.13.1 (24 proxies)
$ kubectl version --short
Client Version: v1.22.3
Server Version: v1.23.8
Possible Solution
Ok, finally came across this, maybe now looking for confirmation this it the right thing to do.
Adding the following to spec.components.ingressGateway.0 in the operator seems to scale the pod. And when I delete the original pod, I don't lose a single packet.
hpaSpec:
minReplicas: 2
