Configuring Istio Ingress with AWS NLB
Ingress AWS Network Load Balancer
This post provides instructions to use and configure ingress Istio with AWS Network Load Balancer2.
Network load balancer (NLB) could be used instead of classical load balancer. You can see the comparison between different AWS loadbalancer
for more explanation.
Prerequisites
The following instructions require a Kubernetes 1.9.0 or newer cluster.
Usage of AWS
nlb
on Kubernetes is an Alpha feature and not recommended for production clusters.
IAM Policy
You need to apply policy on the master role in order to be able to provision network load balancer.
In AWS
iam
console click on policies and click on create a new one:Create a new policy Select
json
:Select json Copy/paste text below:
Click review policy, fill all fields and click create policy:
Validate policy Click on roles, select you master role nodes, and click attach policy:
Attach policy Your policy is now attach to your master node.
Rewrite Istio Ingress Service
You need to rewrite ingress service with the following:
See also
Deploy a custom ingress gateway using cert-manager3
Describes how to deploy a custom ingress gateway using cert-manager manually.
Describes how to configure Istio to expose a service outside of the service mesh.
Describes how to configure Istio to expose a service outside of the service mesh, over TLS, mutual TLS or JWT authentication.
Incremental Istio Part 1, Traffic Management6
How to use Istio for traffic management without deploying sidecar proxies.
Introducing the Istio v1alpha3 routing API7
Introduction, motivation and design principles for the Istio v1alpha3 routing API.
Traffic Mirroring with Istio for Testing in Production8
An introduction to safer, lower-risk deployments and release to production.