Kubernetes with Istio Ingress Not Running on Standard HTTP Ports 443/80
If routing to your application is required to run on 443/80, your Kubernetes cluster must have an external load balancer deployed. If one is not present, the traffic will be routed to the ingress node port.
Refer to - https://istio.io/docs/tasks/traffic-management/ingress/#determining-the-ingress-ip-and-ports (Determining the ingress IP and ports):
"If the EXTERNAL-IP value is set, your environment has an external load balancer that you can use for the ingress gateway. If the EXTERNAL-IP value is (or perpetually ), your environment does not provide an external load balancer for the ingress gateway. In this case, you can access the gateway using the service’s node port."
Example for my bare-metal instance without an external load balancer:
[admin@master1 ~]$ kubectl get svc -n istio-system | grep istio-ingressistio-ingress LoadBalancer 10.114.107.196 <pending> 80:32400/TCP,443:31564/TCP 5distio-ingressgateway LoadBalancer 10.99.1.148 <pending> 80:31380/TCP,443:31390/TCP,31400:31400/TCP 5d
If you are deploying to an online cloud provider such as IBM Bluemix (probably AWS/Azure/etc.), you should already have one configured. If your configuration is on bare-metal, you likely don't have a load balancer configured.
Example for my Bluemix instance with an external load balancer:
λ kubectl get svc -n istio-system | grep istio-ingressistio-ingress LoadBalancer 172.21.26.25 123.45.67.195 80:32000/TCP,443:31694/TCP 6histio-ingressgateway LoadBalancer 172.21.139.142 123.45.67.196 80:31380/TCP,443:31390/TCP,31400:31400/TCP 6h
I have not yet gone back to deploy a load balancer to bare-metal so would like to hear if anyone has. I have briefly looked at Metal but have not spent much time on it.
The nodeport range can be modifief on the api-server manifest, if you are using kubeadm, edit the '/etc/kubernetes/manifests/kube-apiserver.yaml' file and add the following line:
- --service-node-port-range=80-32767
Then, edit 'istio-ingressgateway' service:
- name: http2 nodePort: 80 port: 80 protocol: TCP targetPort: 8080 - name: https nodePort: 443 port: 443 protocol: TCP targetPort: 8443