I have my app running on EKS, which is using the istio-ingressgateway service for the load balancer, with ports 15020, 15032, 15031, 15029, 15030 and 15443. I want to terminate SSL on this ELB, but whenever I apply my ingress.yaml file, it overwrites all the default ports and only configures 443. What change is needed to add the 443 SSL port to the running ELB and keep the other ports as they are?
apiVersion: v1
kind: Service
metadata:
  name: istio-ingressgateway
  namespace: istio-system
  annotations:
    service.kubernetes.io/tke-existed-lbid: "xxxxxxxxxxxxxxxxxxxxx"
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx-x:123456789:certificate/xxxxxx-xxxxx-xxx-xxxx-xxxxxxx"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
  labels:
    chart: gateways-1.0.1
    release: istio
    heritage: Tiller
    app: istio-ingressgateway
    istio: ingressgateway
spec:
  type: LoadBalancer
  ports:
  - port: 443
    name: https
    protocol: TCP
  externalTrafficPolicy: Cluster
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
There doesn't seem to be support for using an existing ELB through annotations. It's very interesting that tke-existed-lbid is working for you. If I am not wrong, that's Tencent Kubernetes Engine. Annotations are designed to create new LBs. If you want to use an existing LB, create the LB outside of the k8s context and keep your manifest as is (minus annotations) to serve as External Load Balancer.
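As an added example (not part of the question or the answer above): the question reports that applying a manifest declaring only 443 left the ELB with only that listener, so one way to keep the others is to declare every port the Service should expose in the same manifest. The port names below are constructed placeholders, the certificate ARN is the redacted value from the question, and the Tencent-specific annotation is left out.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: istio-ingressgateway
  namespace: istio-system
  annotations:
    # Redacted ARN as given in the question; substitute the real ACM certificate.
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx-x:123456789:certificate/xxxxxx-xxxxx-xxx-xxxx-xxxxxxx"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    # Only the ports listed here get an SSL/HTTPS listener with the certificate.
    # Without this annotation the certificate would apply to every port below.
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
  labels:
    app: istio-ingressgateway
    istio: ingressgateway
spec:
  type: LoadBalancer
  externalTrafficPolicy: Cluster
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  ports:
  # TLS is terminated at the ELB on this port (see ssl-ports above).
  - port: 443
    name: https
    protocol: TCP
  # Existing ports from the question, declared explicitly so they are kept.
  # Names are constructed placeholders; a multi-port Service needs unique names.
  - port: 15020
    name: port-15020
    protocol: TCP
  - port: 15029
    name: port-15029
    protocol: TCP
  - port: 15030
    name: port-15030
    protocol: TCP
  - port: 15031
    name: port-15031
    protocol: TCP
  - port: 15032
    name: port-15032
    protocol: TCP
  - port: 15443
    name: port-15443
    protocol: TCP
```

Because the backend protocol is "http", traffic between the ELB and the gateway pods on 443 is unencrypted after termination; after applying, compare the listeners on the ELB with `kubectl get svc istio-ingressgateway -n istio-system -o yaml` to confirm all seven ports are present.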