Installing Istio in EKS private subnets

cabrinha · July 19, 2019, 9:41pm

Hello,

Trying to install Istio into EKS using worker nodes that are in private subnets.

I’m setting the ingress gateway service annotation to:

service.beta.kubernetes.io/aws-load-balancer-internal: "true"

Has anyone been able to successfully install Istio into private subnets on EKS?

A common error I’m seeing is:

[2019-07-19 18:21:49.910][69][critical][main] [external/envoy/source/server/server.cc:90] error initializing configuration '/etc/istio/proxy/envoy.yaml': Invalid path: /etc/certs/cert-chain.pem
Invalid path: /etc/certs/cert-chain.pem

Do I need to set the option for “enable certmanager” to true? Has anyone been able to get this working?

quixoticmonk · August 18, 2020, 8:18pm

EKS documentation does mention annotating or tagging your subnets for identification for the loadbalancer. Were you able to get that sorted out ?

https://aws.amazon.com/premiumsupport/knowledge-center/eks-vpc-subnet-discovery/

Topic		Replies	Views
Istio ingressgateway with AWS ELB on private subnet	2	2431	March 27, 2019
Regarding Istio-gateway service deployment	0	260	July 13, 2023
How to setup Istio with Private AKS Cluster?	4	3377	September 7, 2020
ISTIO on private cluster Networking	1	606	November 7, 2019
How to setup SSL cert using istio with AWS EKS Security security	3	2689	October 14, 2020

Installing Istio in EKS private subnets

Related topics