I'm new to istio. I have a simple ingress gateway yaml file, and the listenling port is 26931, but after I applied the yaml, the port 26931 does not appear in the set of ports which ingress gateway expose. So am I lack of some necessary step or something else?
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: batman-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 26931
name: http
protocol: HTTP
hosts:
- "*"You are exposing ports not with Gateway object, but with istio-ingressgateway service.
kubectl edit svc istio-ingressgateway -n istio-systemSo if you want to expose port 26931, you should do it with gateway service
ports:
- name: http
nodePort: 30001
port: 26931
protocol: TCP
targetPort: 80Also commented on your previous post- How to configure ingress gateway in istio?
The port setup is done in the Helm subchart for gateways. Instead of editing the service directly, you can declaratively define the additional ports in the Istio's values.yaml as something like below.
NOTE: As of Istio v1.2 and v1.3.0, the default port list defined in the original subchart would be overridden by this. In order to keep the default untouched, the below snippet has some values hard copied.
gateways:
istio-ingressgateway:
ports:
# Default port list copied from the original subchart values
# Ref: https://github.com/istio/istio/blob/release-1.2/install/kubernetes/helm/istio/charts/gateways/values.yaml
# (the ports below override the default and do not get merged, and thus need to be copied here)
- port: 15020
targetPort: 15020
name: status-port
- port: 80
targetPort: 80
name: http2
nodePort: 31380
- port: 443
name: https
nodePort: 31390
- port: 15029
targetPort: 15029
name: https-kiali
- port: 15030
targetPort: 15030
name: https-prometheus
- port: 15031
targetPort: 15031
name: https-grafana
- port: 15032
targetPort: 15032
name: https-tracing
# This is the port where sni routing happens
- port: 15443
targetPort: 15443
name: tls
##=== Additional Ports =======================##
- port: 8080
targetPort: 8080
name: http-custom
- port: 8081
targetPort: 8081
name: http-custom-backup
##____________________________________________##As of Istio 1.5.1 installed using istioctl with the following command (see official doc):
istioctl manifest apply -f your-overlay-config.yamlThe additional ports can be specified under components.ingressGateways section in your-overlay-config.yaml file. For example:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
spec:
components:
citadel:
enabled: true
sidecarInjector:
enabled: true
telemetry:
enabled: true
ingressGateways:
- name: istio-ingressgateway
enabled: true
k8s:
service:
ports:
# We have to specify original ports otherwise it will be erased
- port: 15020
targetPort: 15020
name: status-port
- port: 80
targetPort: 80
name: http2
- port: 443
name: https
- port: 15029
targetPort: 15029
name: kiali
- port: 15030
targetPort: 15030
name: prometheus
- port: 15031
targetPort: 15031
name: grafana
- port: 15032
targetPort: 15032
name: tracing
- port: 15443
targetPort: 15443
name: tls
- port: 31400
name: tcp
# Your additional ports
- port: 10000
name: misc
addonComponents:
prometheus:
enabled: false
values:
sidecarInjectorWebhook:
enableNamespacesByDefault: true
global:
proxy:
accessLogFile: "/dev/stdout"
gateways:
istio-egressgateway:
enabled: false
istio-ingressgateway:
sds:
enabled: trueIt worth noting that for Istio 1.5 and Istio 1.4 ports have to be specified under values.gateways.istio-ingressgateway section.