Install ALB instead of CLB when using Istio ingress: Istio version 1.7.3

Hi All,

I am using Istio version 1.7.3 in my env and have installed ingress and egress using the demo profile with the command below:
istioctl install --set profile=demo

I have customized my ingress config to create a CLB and attach the AWS cert once the ingress is created, and that is working fine. Please review the config below:

apiVersion: v1
kind: Service
metadata:
  name: istio-ingressgateway
  namespace: istio-system
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
  labels:
    app: istio-ingressgateway
    release: istio
    istio: ingressgateway
spec:
  type: LoadBalancer
  selector:
    app: istio-ingressgateway
  ports:
  - name: status-port
    port: 15021
    targetPort: 15021
  - name: http2
    port: 80
    targetPort: 8080
  - name: https
    port: 443
    targetPort: 8443
  - name: tcp
    port: 31400
    targetPort: 31400
  - name: tls
    port: 15443
    targetPort: 15443

Now I want to create an ALB instead of the CLB and create an access-log-s3-bucket-name to get the logs of the ALB.
Can we tweak the above configuration so that it overrides the default and makes it an ALB with S3 bucket access logs enabled, or what should I do when using the istioctl command with the demo profile to change it to an ALB with S3 access logs enabled instead of a CLB?

Do we have any sample config or examples somewhere that can help, or that you can point me to?

I also made the following changes to the above config:

---
apiVersion: v1
kind: Service
metadata:
  name: istio-ingressgateway
  namespace: istio-system
  labels:
    app: istio-ingressgateway
    release: istio
    istio: ingressgateway
spec:
  type: NodePort
  selector:
    app: istio-ingressgateway
  ports:
  - name: status-port
    port: 15021
    targetPort: 15021
  - name: http2
    port: 80
    targetPort: 8080
  - name: https
    port: 443
    targetPort: 8443
  - name: tcp
    port: 31400
    targetPort: 31400
  - name: tls
    port: 15443
    targetPort: 15443

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  labels:
    app: istio-ingressgateway
    release: istio
    istio: ingressgateway
  name: istio-ingress
  namespace: istio-system
  annotations:
    kubernetes.io/ingress.class: alb
    #alb.ingress.kubernetes.io/group.name: istio
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/certificate-arn: arn:
    alb.ingress.kubernetes.io/subnets: us-west-2a,us-west-2b,us-west-2c
    alb.ingress.kubernetes.io/security-groups: nodes.example.com
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /*
        backend:
          serviceName: istio-ingressgateway
          servicePort: 80

---

Still it is not creating an ALB in AWS. Any idea?
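An added example, not from the original post or the Istio project, of an ALB Ingress for the Istio gateway with S3 access logging, an HTTPS listener and a health check on the gateway's readiness endpoint. It assumes the AWS ALB ingress controller is running with permission to create load balancers; the certificate ARN, subnet IDs, security group, bucket name and the pinned nodePort 30021 are placeholders or assumptions to be replaced.

```yaml
# Added example; ARN, subnets, security group, bucket and nodePort are placeholders.
---
apiVersion: v1
kind: Service
metadata:
  name: istio-ingressgateway
  namespace: istio-system
spec:
  type: NodePort          # ALB target-type "instance" registers the worker nodes
  selector:
    app: istio-ingressgateway
  ports:
  - name: status-port
    port: 15021
    targetPort: 15021
    nodePort: 30021       # pinned so the ALB health check can reach /healthz/ready
  - name: http2
    port: 80
    targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: istio-ingress
  namespace: istio-system
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: instance
    alb.ingress.kubernetes.io/subnets: subnet-PLACEHOLDER1,subnet-PLACEHOLDER2
    alb.ingress.kubernetes.io/security-groups: sg-PLACEHOLDER
    # TLS terminates at the ALB; the listener on 80 stays for plain HTTP clients
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER
    # Health-check the gateway's readiness endpoint through the pinned nodePort
    alb.ingress.kubernetes.io/healthcheck-path: /healthz/ready
    alb.ingress.kubernetes.io/healthcheck-port: "30021"
    # Access logs to S3; the bucket policy must allow the regional ELB account to write
    alb.ingress.kubernetes.io/load-balancer-attributes: access_logs.s3.enabled=true,access_logs.s3.bucket=BUCKET-PLACEHOLDER,access_logs.s3.prefix=istio-ingress
spec:
  rules:
  - http:
      paths:
      - path: /*
        backend:
          serviceName: istio-ingressgateway
          servicePort: 80
```

If no ALB appears, `kubectl -n istio-system describe ingress istio-ingress` shows the controller's events, which is where errors such as an unusable subnet or certificate ARN are reported.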