Istio Ingress gateway with Network LoadBalancer

Samith_Dissanayake · June 16, 2020, 6:06am

Hi All,

We have several kubernetes clusters on AWS and we are in progress of moving to istio ingress gateway from nginx ingress controller.

But at the initial state we have to use both these gateways. Currently we are hosting nginx ingress gw on port 80 and 443 on worker nodes and network load balancer routing traffic.

But when we are using istio gateway it starts node port on 30000-32767 port range and with aws NLB we have to whitelist all host for these istio ports. So our security rule count will we double.

But since we have already reached to maximum aws security rule count for minions we can’t add any more.

Do you guys have any suggestion to use both istio ingress gateway and nginx ingress gateway with network load balancers without configuring security rules with duplicated hosts.

Due to this currently we are using classic load balancer to route istio traffic inside cluster.

Gregoire · June 16, 2020, 6:28am

Hello,

You whitelist nodes per nodes? not the entire worker subnetwork at once? is this subnetwork used by something else?(not sure it is possible)

Samith_Dissanayake · June 16, 2020, 7:07am

Hi Gregoire,

Thanks for the reply…
We are whitelisting for all subnets at once. Not for individual worker nodes. In our clusters we using one VPC per cluster. So on this VPC, we have some other aws resources other than worker nodes. But we have separated ELB for worker nodes.

Topic		Replies	Views
Host Istio ingress gateway on port 80 and 443 Networking	3	1491	June 23, 2020
Ingress Gateway as a Load Balancer in a non Cloud Environment Config	0	487	March 3, 2020
Istio Ingress + K8s Ingress Load Balancer Patterns Networking	1	488	July 9, 2019
Istio ingress gateway configuration	8	1510	September 9, 2019
How to load balancing istio ingress gateway (Non GKE) with GCP load balancer	0	576	July 19, 2021

Istio Ingress gateway with Network LoadBalancer

Related Topics