How to configure the auto-generated istio-ingressgateway in GKE?

6/12/2019

I want to add a wildcard-based domain name (e.g. *.somedomain.com) to istio-ingressgateway and set a self-signed TLS certificate. Istio on GKE is installed by enabling Istio from the cluster's addon list.

The first question is whether it is recommended to configure and use the auto-generated istio-ingressgateway instead of creating one.

If so, then the second question is how to update the settings for that gateway.

I had to include the labels, resourceVersion and selfLink fields from the auto-created ingressgateway and set resourceVersion to the current version; otherwise, Kubernetes does not accept the new YAML file.

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  # QUESTION: Copied fields from the current ingressgateway to be specified.
  # Otherwise, kubectl does not accept the settings.
  # $ kubectl apply -f ./helm-charts/istio/gateway.yaml
  # The gateways "istio-autogenerated-k8s-ingress" is invalid: metadata.resourceVersion: Invalid value: 0x0: must be specified for an update

  # labels:
  #   addonmanager.kubernetes.io/mode: EnsureExists
  #   k8s-app: istio
  # resourceVersion: "9331065"
  # selfLink: /apis/networking.istio.io/v1alpha3/namespaces/istio-system/gateways/istio-autogenerated-k8s-ingressa
  name: istio-autogenerated-k8s-ingress
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: PASSTHROUGH
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      privateKey: /etc/istio/ingressgateway-certs/tls.key
    hosts:
    - "*.heportal.squiz.cloud"

If I apply the above sample gateway.yaml file:

$ kubectl apply -f ./helm-charts/istio/gateway.yaml
The gateways "istio-autogenerated-k8s-ingress" is invalid: metadata.resourceVersion: Invalid value: 0x0: must be specified for an update
-- skim-so
google-kubernetes-engine
istio
kubernetes
kubernetes-ingress

1 Answer

6/12/2019

Welcome to StackOverflow @skim-go

I'm afraid you should not make any direct modifications (kubectl edit) to the Istio auto-generated resources (like the default ingress gateway) which come with the Istio on GKE add-on, as they will be reverted by the Kubernetes add-on manager.

Instead, I would recommend that you install/add a custom-gateway to your existing Istio on GKE installation (and do the customization there), as such gateways are not reconciled. Quoting the official doc:

Any ingress and egress resources that you add yourself are under user control and are not reconciled or auto upgraded.

I explained how to add a custom-ingress-gateway in another SO question here.

Hint: because you already have Istio on GKE installed, in your case you should use a unified diff strategy to prepare the necessary manifest file, with only the resources missing in your cluster.

-- Nepomucen
Source: StackOverflow
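
As an added illustration of the approach the answer recommends (not part of the original question or answer, and not taken from the Istio on GKE docs): a separate, user-owned Gateway resource for the wildcard host, bound to a custom ingress gateway deployment rather than the add-on's auto-generated one. The resource name, the selector label and the certificate mount path are assumptions and must match how the custom gateway deployment is actually labelled and where its certificate secret is mounted.

```yaml
# Added example: a user-owned Gateway, separate from the add-on's
# istio-autogenerated-k8s-ingress object, so the add-on's own
# resources are left untouched.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: custom-wildcard-gateway          # hypothetical name (a new object)
  namespace: istio-system
spec:
  selector:
    istio: custom-ingressgateway         # assumed label on the custom gateway pods
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      # SIMPLE: the gateway terminates TLS with the mounted certificate.
      # With PASSTHROUGH the gateway forwards the TLS stream unterminated
      # and the certificate fields below are not used.
      mode: SIMPLE
      # Assumed mount path of the secret holding the self-signed certificate.
      serverCertificate: /etc/istio/custom-ingressgateway-certs/tls.crt
      privateKey: /etc/istio/custom-ingressgateway-certs/tls.key
    hosts:
    - "*.somedomain.com"
  - port:
      number: 80
      name: http
      protocol: HTTP
    tls:
      httpsRedirect: true                # send plaintext requests to HTTPS
    hosts:
    - "*.somedomain.com"
```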