Issue with using an internal ingress

rdyer · March 15, 2019, 6:57pm

Currently running istio off the release-1.1 branch. I used helm to install and had it create the default ingressgateway as well as the ilbgateway and modified the annotation for AWS internal instead of google. I can curl the internal ELB and get a 404 which I think tells me that the ingress is mostly functioning. However when i take the httpbin example and modify it to try and use the internal ingress, I still get 404s. y gateway and virtual service definition is below. I’m using external-dns to create the r53 entry and have confirmed its creating it based on the ILB fqdn, not the external one. What am I missing?

Thanks

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
  namespace: default
  annotations:
    kubernetes.io/ingress.class: internal
spec:
  selector:
    istio: ilbgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "httpbin.internal.domain"

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
  namespace: default
spec:
  hosts:
  - "httpbin.internal.domain"
  gateways:
  - httpbin-gateway
  http:
  - match:
    - uri:
        prefix: /ip
    route:
    - destination:
        port:
          number: 8000
        host: httpbin.default.svc.cluster.local

rdyer · March 18, 2019, 2:07pm

Anyone have any ideas?

Daniel_Jensen · March 26, 2019, 7:40pm

I’m doing something pretty similar on istio 1.1.1, the main difference is I am using ingressgateway for the selector:

spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation

rdyer · March 27, 2019, 2:48pm

Yeah not sure what I had misconfigured but was eventually able to get things working with TLS. For anyone else that runs into this, this is what I use for exposing our grafana via an internal ingress.

# Grafana
apiVersion: "networking.istio.io/v1alpha3"
kind: "DestinationRule"
metadata:
  name: "grafana"
  namespace: "istio-system"
spec:
  host: grafana.istio-system.svc.cluster.local
  trafficPolicy:
    tls:
      mode: DISABLE

--- 
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-grafana-gateway
  namespace: "istio-system"
  annotations:
    kubernetes.io/ingress.class: internal # This is for external-dns integration
spec:
  selector:
    istio: ilbgateway
  servers:
  - port:
      number: 443
      name: https-grafana-istio
      protocol: HTTPS
    hosts:
    - "grafana.domain"
    tls: # This is a *.domain cert
      mode: SIMPLE
      privateKey: /etc/istio/ingressgateway-certs/tls.key 
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt

---

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: istio-grafana
  namespace: "istio-system"
spec:
  hosts:
  - "grafana.domain"
  gateways:
  - istio-grafana-gateway
  http:
  - route:
    - destination:
        port:
          number: 3000
        host: grafana.istio-system.svc.cluster.local

Topic		Replies	Views
Istio Ingress-Gateway problem Networking	2	1307	November 13, 2020
Questions about Gateways and Let's Encrypt Security	8	2523	April 27, 2020
How to configure k8s ingress with istio1.6 Config	7	2221	September 10, 2020
Cannot get bookinfo and httpbin ingressgateway to work on new install 1.2.*	2	1351	July 18, 2019
[unsolved][Istio 1.1.1] How to setup k8s ingress resources properly Config	1	2651	April 1, 2019

Issue with using an internal ingress

Related topics