Hi, bit of a first timer here using Istio ingress with Azure Kubernetes Service.
Following the installation of istio, ingress works and the routing has been automatically set up to hit one of the IPs of the default AKS load balancer. From there I can set up VirtualServices and route to the pods just fine.
However I’d like to change the IP the ingress point to, as I also have my own static Public IP resource associated with the same load balancer. This should allow me to use azure’s DNS labels as I do not have my own domain, and also then serve correct TLS certificates which wouldn’t be possible through the load balancer IP.
How can I patch the istio installation to update the load balancer IP and route everything through my public IP instead of the automatically assigned one?
It looks like Azure supports the creation of an LB with a specific IP address by way of adding an annotation to the Service.
How you add this annotation to your installation depends on how you installed istio. Check out the customization guide for details.
I installed Istio via the official AKS plugin. This means I did not manually install Istio with e.g. Helm, so I don’t have files I can modify and re-install. It’s just gone ahead and tied itself to the cluster’s default load balancer.
I notice now they have listed the following limitation i ntheir instructions:
Customization of mesh based on the following custom resources is blocked for now - EnvoyFilter, ProxyConfig, WorkloadEntry, WorkloadGroup, Telemetry, IstioOperator, WasmPlugin`
Does this mean I can’t re-configure the load balancer IP?
Does this mean I can’t re-configure the load balancer IP?
Nah, you can probably YOLO it by just kubectl editing the istio-ingressgateway service and adding the annotation. I would also ping your local Azure rep to find out how this extremely common customization can be applied using their plugin system. There’s lots of install options you might want to tweak, finding out how to use them with the official AKS plugins will be useful.