Hello Guys,
Is there any links/articles/leads on how to setup Istio with Private AKS Cluster ?
To be more specific, Istio deploys Gateways with External IP’s but the idea of a Private AKS cluster is to not have any EXTERNAL IP’s.
How do we create Istio G/W with only INTERNAL IP on an AKS cluster by using istioctl ?
Hi
I believe you can add serviceAnnotations: to your gateway to use internal loadbalancer over public loadbalancer. Below example is for google cloud.
So how do we change the annotations for a default profile ? Should I create a dump of the default profile and add annotations to ingressGateways block ? Is that the best way to do it ?
You should be able to add annotations using the value overrides with IstioOperator config:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
name: istio-operator
spec:
components:
ingressGateways:
- enabled: true
k8s:
overlays:
- kind: Service
name: istio-ingressgateway
patches:
- path: spec.type
value: LoadBalancer
values:
gateways:
istio-ingressgateway:
serviceAnnotations:
service.beta.kubernetes.io/azure-load-balancer-internal: “true”
You can use this to generate manifest and verify if the annotations are being added to the ingress service.
MS link for adding the annotations for internal LB: https://docs.microsoft.com/en-us/azure/aks/internal-lb#create-an-internal-load-balancer
Great! I was able to spin it up with a custom manifest file. Here is what I did: