How to add custom port for istio ingress gateway?

6/19/2019

I'm new to istio. I have a simple ingress gateway yaml file, and the listenling port is 26931, but after I applied the yaml, the port 26931 does not appear in the set of ports which ingress gateway expose. So am I lack of some necessary step or something else?

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: batman-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 26931
      name: http
      protocol: HTTP
    hosts:
    - "*"
-- leo
istio
kubernetes
kubernetes-helm
kubernetes-ingress

3 Answers

6/19/2019

You are exposing ports not with Gateway object, but with istio-ingressgateway service.

kubectl edit svc istio-ingressgateway -n istio-system

So if you want to expose port 26931, you should do it with gateway service

  ports:
  - name: http
    nodePort: 30001
    port: 26931
    protocol: TCP
    targetPort: 80

Also commented on your previous post- How to configure ingress gateway in istio?

-- A_Suh
Source: StackOverflow

9/23/2019

The port setup is done in the Helm subchart for gateways. Instead of editing the service directly, you can declaratively define the additional ports in the Istio's values.yaml as something like below.

NOTE: As of Istio v1.2 and v1.3.0, the default port list defined in the original subchart would be overridden by this. In order to keep the default untouched, the below snippet has some values hard copied.

gateways:
  istio-ingressgateway:
    ports:
      # Default port list copied from the original subchart values
      # Ref: https://github.com/istio/istio/blob/release-1.2/install/kubernetes/helm/istio/charts/gateways/values.yaml
      #      (the ports below override the default and do not get merged, and thus need to be copied here)
      - port: 15020
        targetPort: 15020
        name: status-port
      - port: 80
        targetPort: 80
        name: http2
        nodePort: 31380
      - port: 443
        name: https
        nodePort: 31390
      - port: 15029
        targetPort: 15029
        name: https-kiali
      - port: 15030
        targetPort: 15030
        name: https-prometheus
      - port: 15031
        targetPort: 15031
        name: https-grafana
      - port: 15032
        targetPort: 15032
        name: https-tracing
        # This is the port where sni routing happens
      - port: 15443
        targetPort: 15443
        name: tls
      ##=== Additional Ports =======================##
      - port: 8080
        targetPort: 8080
        name: http-custom
      - port: 8081
        targetPort: 8081
        name: http-custom-backup
      ##____________________________________________##
-- Ryota
Source: StackOverflow

4/15/2020

As of Istio 1.5.1 installed using istioctl with the following command (see official doc):

istioctl manifest apply -f your-overlay-config.yaml

The additional ports can be specified under components.ingressGateways section in your-overlay-config.yaml file. For example:

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
spec:
  components:
    citadel:
      enabled: true
    sidecarInjector:
      enabled: true
    telemetry:
      enabled: true
    ingressGateways:
      - name: istio-ingressgateway
        enabled: true
        k8s:
          service:
            ports:
              # We have to specify original ports otherwise it will be erased
              - port: 15020
                targetPort: 15020
                name: status-port
              - port: 80
                targetPort: 80
                name: http2
              - port: 443
                name: https
              - port: 15029
                targetPort: 15029
                name: kiali
              - port: 15030
                targetPort: 15030
                name: prometheus
              - port: 15031
                targetPort: 15031
                name: grafana
              - port: 15032
                targetPort: 15032
                name: tracing
              - port: 15443
                targetPort: 15443
                name: tls
              - port: 31400
                name: tcp
              # Your additional ports
              - port: 10000
                name: misc
  addonComponents:
    prometheus:
      enabled: false
  values:
    sidecarInjectorWebhook:
      enableNamespacesByDefault: true
    global:
      proxy:
        accessLogFile: "/dev/stdout"
    gateways:
      istio-egressgateway:
        enabled: false
      istio-ingressgateway:
        sds:
          enabled: true

It worth noting that for Istio 1.5 and Istio 1.4 ports have to be specified under values.gateways.istio-ingressgateway section.

-- peppered
Source: StackOverflow