ISTIO on private cluster

So I am trying to install ISTIO in a private GKE cluster. There is hardly any documentation on this. The plan of action is thus and I am not sure if this is possible. Any suggestions is highly appreciated.

  1. Create a Internal Load Balancer with fixed IP address
  2. Create a GCP External Load Balancer , hook it up with the internal Istio ILB. GCP External LB would be protected by Cloud Armor etc. Do I need Natting to get this done?

I am in a quandry on the difference between the two when creating the istio script with Helm “internal” vs

are they the same?

Many thanks

Resolved this with some research and its working fine