Hello, I’m using Istio v1.16 for Kubeflow, and I want to apply TLS on istio-ingressgateway.
As far as I know, the target port for HTTP is 8080 and port 8443 is for HTTPS.
But in my case, port 8443 of istio-ingressgateway looks like it cannot find a route to the Kubeflow dashboard.
This is the error log when I access “https://centraldashboard.kubeflow.example.com”:
```
HTTP/2 404 NR route_not_found - "-" 0 0 0 - "61.101.xxx.xxx" "Mozilla ... " Chrome/109.0.0.0 ... "centraldashboard.kubeflow.example.com" "-" - - 10.244.133.65:8443 61.101.xxx.xxx:5014 centraldashboard.kubeflow.example.com -
```
Also, I’m using a NodePort type istio-ingressgateway service, because there is an external L4 switch outside of the cluster.
My istio-ingressgateway svc yaml is:
```yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: istio-ingressgateway
    istio: ingressgateway
  ...
spec:
  ...
  ports:
  - name: status-port
    nodePort: 30406
    port: 15021
    protocol: TCP
    targetPort: 15021
  - name: http2
    nodePort: 30000
    port: 80
    protocol: TCP
    targetPort: 8080
  - name: https
    nodePort: 32384
    port: 443
    protocol: TCP
    targetPort: 8443
  - name: tcp
    nodePort: 32224
    port: 31400
    protocol: TCP
    targetPort: 31400
  - name: tls
    nodePort: 31699
    port: 15443
    protocol: TCP
    targetPort: 15443
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  type: NodePort
...
```
This is the Istio Gateway yaml file:
```yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  ...
  name: istio-ingressgateway
  namespace: istio-system
  labels:
    release: istio
spec:
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  servers:
  - hosts:
    - '*'
    port:
      name: http
      number: 80
      protocol: HTTP
  - hosts:
    - '*'
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      credentialName: centraldashboard-tls
      mode: SIMPLE
```
So, my questions are:
- Why can't target port 8443 find any route, even though istio-proxy has container port 8433?
- Is there any way to route to the centraldashboard pod from target port 8443 of istio-ingressgateway?
- Is it possible to apply TLS with a NodePort type istio-ingressgateway service?
Thank you