Hi All,
I am using istio 1.7.3 version in my env and have installed ingress and egress using demo profile using below command:
istioctl install --set profile=demo
I have customized my ingress config to create CLB to attach to the aws cert once the ingress is created and that is working fine, please review the below config:
apiVersion: v1
kind: Service
metadata:
name: istio-ingressgateway
namespace: istio-system
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: “arn:”
" service.beta.kubernetes.io/aws-load-balancer-backend-protocol: “http”
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: “https”
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: “3600”
labels:
app: istio-ingressgateway
release: istio
istio: ingressgateway
spec:
type: LoadBalancer
selector:
app: istio-ingressgateway
ports:
- name: status-port
port: 15021
targetPort: 15021 - name: http2
port: 80
targetPort: 8080 - name: https
port: 443
targetPort: 8443 - name: tcp
port: 31400
targetPort: 31400 - name: tls
port: 15443
targetPort: 15443
Now I want to create a ALB instead to CLB and create a access-log-s3-bucket-name to get the logs of the ALB.
Can we tweak the above configuration so that it can override and make it a ALB with s3 bucket access logs enabled or what should I do when using istioctl command with demo profile to change it to ALB with s3 access logs enabled instead of CLB.
Do we have any sample config or examples somewhere that can help or you can point me to.