Istio ingress-controller via host network (bare-metal)

7/11/2019

I am trying to use Istio in bare-metal and I wanted to use the minimum resources needed just to get an Ingress controller with Envoy and Cert-Manager (maybe later evolving to the use of more advanced service mesh features). I tried following these docs: Istio Kubernetes Ingress with Cert-Manager (demonstrates how to obtain Let's Encrypt TLS certificates for Kubernetes Ingress automatically using Cert-Manager).

My main problem is that I am in bare-metal and want to use neither LoadBalancer nor NodePort. I was going for a host-network approach as the analogous solution using nginx here.

1) Can I use Istio to replace my current nginx-ingress controller with Hostnetwork?

Setup tried (with no success):

helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system
helm install install/kubernetes/helm/istio --name istio --namespace istio-system \
--values install/kubernetes/helm/istio/values-istio-minimal.yaml

2) If (1) is possible, can I use the Istio Helm chart with istio-minimal (just istio-pilot) for that? What is the recommended minimal profile setup in this case?

-- staticdev

1 Answer

7/23/2019

The istio.io document for Ingress with Cert-Manager needs you to use the ingress-gateway object to attach it to a load balancer, so it's not an alternative in this case.

The Nginx approach is feasible as you can use Cert-Manager with the Nginx ingress class to automatically manage your certificates (replacing the Envoy-based Istio resources).

Now, the issue is that you have to redirect all the Nginx incoming traffic into the Istio mesh.

Although this integration is not yet natively supported, there are ways to make them work together that might end up rather hacky.

Unless you're having an issue that is not described in the question, I don't think having the minimal Istio installation has any relationship with this scenario.

-- yyyyahir
Source: StackOverflow