Update 14-03-2021

Metallb LoadBalancer IP 192.168.0.21 accessible from Cluster (Master/Nodes) Only.

root@C271-KUBE-NODE-0-04:~# curl -s -I -HHost:httpbin.example.com "http://192.168.0.21:80/status/200"
HTTP/1.1 200 OK
server: istio-envoy
date: Sun, 14 Mar 2021 17:32:36 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 0
x-envoy-upstream-service-time: 2

Issue

Trying to get istio working with metallb on Vmware ESXI.

Intalled MetalLb with helm install metallb bitnami/metallb -n metallb-system -f metallb-config.yaml

configInline:
  address-pools:
    - name: prod-k8s-pool
      protocol: layer2
      addresses:
        - 192.168.0.21

Used https://istio.io/latest/docs/setup/install/helm/ to install istio.

helm install istio-base manifests/charts/base --set global.jwtPolicy=first-party-jwt -n istio-system
helm install istiod manifests/charts/istio-control/istio-discovery --set global.jwtPolicy=first-party-jwt -n istio-system
helm install istio-ingress manifests/charts/gateways/istio-ingress --set global.jwtPolicy=first-party-jwt -n istio-system
helm install istio-egress manifests/charts/gateways/istio-egress --set global.jwtPolicy=first-party-jwt -n istio-system

❯ k get svc
NAME                   TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)                                                                      AGE
httpbin                LoadBalancer   10.104.32.168    <none>         8000:32483/TCP                                                               16m
istio-egressgateway    ClusterIP      10.107.11.137    <none>         80/TCP,443/TCP,15443/TCP                                                     20m
istio-ingressgateway   LoadBalancer   10.109.199.203   192.168.0.21   15021:32150/TCP,80:31977/TCP,443:30960/TCP,15012:30927/TCP,15443:31439/TCP   31m
istiod                 ClusterIP      10.96.10.193     <none>         15010/TCP,15012/TCP,443/TCP,15014/TCP                                        33m

At the same time, metallb controller logs say it allocated IP.

metallb-system/metallb-controller-64c58bc7c6-bks6m[metallb-controller]: {"caller":"service.go:114","event":"ipAllocated","ip":"192.168.0.21","msg":"IP address assigned by controller","s
ervice":"istio-system/istio-ingressgateway","ts":"2021-03-14T09:20:12.906308842Z"}

I am trying to install a simple sample HTTPBIN using https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/

kubectl apply -f <(istioctl kube-inject -f samples/httpbin/httpbin.yaml)

$ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "httpbin.example.com"
EOF

kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  hosts:
  - "httpbin.example.com"
  gateways:
  - httpbin-gateway
  http:
  - match:
    - uri:
        prefix: /status
    - uri:
        prefix: /delay
    route:
    - destination:
        port:
          number: 8000
        host: httpbin
EOF

But the IP 192.168.0.21 never resolves. From other machines in the same network.

curl -s -I -HHost:httpbin.example.com "http://192.168.0.21:80/status/200"

I tried Nginx-ingress installation with

spec:
  type: LoadBalancer
  loadBalancerIP: 192.168.0.21

that is working fine, Can anybody guide how istio will work with bare metal metallb.