Hi Istio group! I’m looking to upgrade our company’s Istio implementation from 1.7.0 to 1.8.6.
The Istio 1.7.0 we have was initially setup by a previous employee and he setup the ingressgateways as LoadBalancers:
NAME TYPE
service/istio-egressgateway ClusterIP
service/istio-ingressgateway LoadBalancer
service/istio-internal-ingressgateway LoadBalancer
service/istiod ClusterIP
Furthermore, this has been setup using a helm chart very similar to:
resource “helm_release” “istio_crds” {
name = “istio-crds”
chart = “some-chart”
namespace = “istio-system”
values = [
file(“YAML_FILE content listed below:”)
]
}
YAML_FILE content:
ingress:
enabled: true
annotations:
kubernetes . io/ingress . class: alb
alb . ingress . kubernetes . io/target-type: ip
alb . ingress . kubernetes . io/scheme: internet-facing
alb . ingress . kubernetes . io/ssl-policy: ELBSecurityPolicy-TLS-1-2-2017-01
alb . ingress . kubernetes . io/tags: Name=name-of-app,Environment=prod
alb . ingress . kubernetes . io/backend-protocol: HTTPS
alb . ingress . kubernetes . io/healthcheck-protocol: HTTP
alb . ingress . kubernetes . io/listen-ports: ‘[{“HTTP”: 80}, {“HTTPS”:443}]’
alb . ingress . kubernetes . io/actions . ssl-redirect: ‘{“Type”: “redirect”, “RedirectConfig”: { “Protocol”: “HTTPS”, “Port”: “443”, “StatusCode”: “HTTP_301”}}’
alb . ingress . kubernetes . io/healthcheck-interval-seconds: ‘5’
alb . ingress . kubernetes . io/healthcheck-timeout-seconds: ‘4’
alb . ingress . kubernetes . io/healthy-threshold-count: ‘4’
alb . ingress . kubernetes . io/unhealthy-threshold-count: ‘2’
alb . ingress . kubernetes . io/healthcheck-port: “15020”
alb . ingress . kubernetes . io/healthcheck-path: /healthz/ready
alb . ingress . kubernetes . io/certificate-arn: lots-and-lots-of-aws-cert-arns-here
alb . ingress . kubernetes . io/target-group-attributes: stickiness . enabled=true,stickiness . lb_cookie . duration_seconds=3600,deregistration_delay . timeout_seconds=900
alb . ingress . kubernetes . io/wafv2-acl-arn: the-aws-waf-arn-here
alb . ingress . kubernetes . io/load-balancer-attributes: “access_logs . s3 . enabled=true,access_logs . s3 . bucket=some-random-prod-logs-alb”
redirectToSSL:
serviceName: ssl-redirect
servicePort: use-annotation
path: /*
hosts:
- host: a-bunch-of-hosts-here
paths: ["/*"]
I am unsure whether or not upgrading to Istio 1.8.6 will remove these loadbalancers and recreate them?