Istio Ingress gateway with Network LoadBalancer

Hi All,

We have several Kubernetes clusters on AWS, and we are in the process of moving from the nginx ingress controller to the Istio ingress gateway.

But in the initial stage we have to use both of these gateways. Currently we are hosting the nginx ingress gateway on ports 80 and 443 on the worker nodes, with a Network Load Balancer routing the traffic.

But when we use the Istio gateway it starts a NodePort in the 30000-32767 port range, and with the AWS NLB we have to whitelist all hosts for these Istio ports. So our security rule count will double.

But since we have already reached the maximum AWS security rule count for the minions, we can't add any more.

Do you have any suggestions for using both the Istio ingress gateway and the nginx ingress gateway with Network Load Balancers without configuring security rules with duplicated hosts?

Due to this, we are currently using a Classic Load Balancer to route Istio traffic inside the cluster.
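The setup described in the post (NLB in front of worker-node NodePorts for the Istio ingress gateway) is easier to reason about when the NodePorts are pinned rather than allocated at random from 30000-32767, because the security-group rules for the node ports then stay fixed across re-creations of the Service. The manifest below is an added example, not code from the original post or from Istio itself; it assumes the `istio-system` namespace, the `app`/`istio` selector labels of the default `istio-ingressgateway` deployment, the in-tree AWS cloud provider's `nlb` annotation, gateway pod ports 8080/8443 (Istio 1.5 and later; older releases listen on 80/443), and the arbitrary NodePort values 30080 and 30443.

```yaml
# Added example (not from the original post or from Istio): a LoadBalancer
# Service for the Istio ingress gateway with pinned NodePorts, so the AWS
# security-group rules that must admit traffic to the nodes are predictable.
# Assumptions: namespace istio-system, default istio-ingressgateway labels,
# in-tree AWS cloud provider, pod ports 8080/8443, NodePorts 30080/30443.
apiVersion: v1
kind: Service
metadata:
  name: istio-ingressgateway
  namespace: istio-system
  annotations:
    # Request a Network Load Balancer instead of the default Classic ELB.
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
  type: LoadBalancer
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  ports:
  - name: http2
    port: 80          # listener port on the NLB
    targetPort: 8080  # gateway pod port (assumed; 80 on Istio < 1.5)
    nodePort: 30080   # pinned; otherwise chosen from 30000-32767
  - name: https
    port: 443
    targetPort: 8443
    nodePort: 30443
```

Two caveats for the security-group side. First, an NLB with instance targets preserves the client source IP, so the worker-node security group has to allow the client CIDRs on the pinned NodePorts themselves (not just on 80/443); pinning only makes the rule set stable, it does not shrink it. Second, setting `externalTrafficPolicy: Local` on this Service allocates an additional `healthCheckNodePort` that the NLB health checks hit, which is one more port to allow from the VPC CIDR, so leave it at the default `Cluster` unless client-IP preservation at the pod is required.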


You whitelist node by node, not the entire worker subnetwork at once? Is this subnetwork used by something else? (Not sure that is possible.)

Hi Gregoire,

Thanks for the reply…
We are whitelisting all subnets at once, not individual worker nodes. In our clusters we use one VPC per cluster. So in this VPC we have some other AWS resources besides the worker nodes. But we have a separate ELB for the worker nodes.