We have a GKE cluster with IP alias enabled, and I was expecting to be able to hit the Cluster-IP of a LoadBalancer type service, but I can't. It times out.
This is the scenario:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S)
istio-ingressgateway LoadBalancer 10.aa.bb.bb 35.aa.bb.cc 80:31380/TCP,443:31390/TCP,31400:31400/TCP,15011:31585/TCP,8060:31570/TCP,853:31552/TCP,15030:31762/TCP,15031:30685/TCP 52m
I have the service above that I want to access through the internal IP address (Cluster-IP), rather than the external one. I have IP alias enabled in my project, so this is how the VPC looks.
Since the VPC is aware of the IP addresses of the services, should it be able to route the requests to the cluster?
I tried without IP aliases, and setting a route manually that sends all the requests to 10.aa.bb.cc to a GKE node, then from there, it will reach the backend. That works, but it is not neat.
One thing I can't do is set the LoadBalancer type service to be internal, since there are way too many ports, and it is controlled by Istio, so I don't even want to touch it.
Any idea if this is expected behavior or if something is wrong?
The Cluster IP of a service is not routable, as explained at [1].
[1] https://cloud.google.com/kubernetes-engine/docs/how-to/alias-ips#restrictions