istio: Internal Loadbalancer not being created on GKE

Describe the bug: When creating an istio-ingressgateway in GCP and adding the "internal" annotation, the load balancer is stuck in pending.

Expected behavior: Load balancer is created.

Steps to reproduce the bug: Add serviceAnnotations: cloud.google.com/load-balancer-type: "internal" to the "istio-ingressgateway:" in the values file.

Version: not using istioctl. Server Version: version.Info{Major:"1", Minor:"11+", GitVersion:"v1.11.6-gke.3", GitCommit:"04ad69a117f331df6272a343b5d8f9e2aee5ab0c", GitTreeState:"clean", BuildDate:"2019-01-10T00:39:15Z", GoVersion:"go1.10.3b4", Compiler:"gc", Platform:"linux/amd64"}

Installation: Helm chart downloaded from https://istio.io/docs/setup/kubernetes/download-release/

Environment: cloud provider: GCP; nodes: n1-standard-4 (4 vCPUs, 15 GB memory)

I am aware of the issue with the GCP internal load balancer limit (something that was not written in the documentation when we moved to Google Cloud): “A maximum of 5 ports in a forwarding rule, unless you configure the forwarding rule to match all ports.”

There are 8 ports configured on “istio-ingressgateway”:

  • Port 80
  • Port 443
  • Port 31400
  • Port 15011 - tcp-pilot-grpc-tls
  • Port 8060 - tcp-citadel-grpc-tls
  • Port 853 - tcp-dns-tls
  • Port 15030 - http2-prometheus
  • Port 15031 - http2-grafana

I would like to work with everything offered in the ingressgateway. Is there any way around this and still use an internal load balancer? I tried splitting the LB and putting 80/443/31400/853 on one LB and 15011/8060/15030/15031 on the second LB. But when I started with the bookstore app example, everything did not work properly. When going back to a regular LB (external) with all ports on one LB, everything worked great. Due to limitations in our company we need to work with internal LBs. Is there any way around this?

Thanks

About this issue

  • State: closed
  • Created 5 years ago
  • Reactions: 12
  • Comments: 17 (3 by maintainers)

Most upvoted comments

Hi, I’m from the GKE team. It is correct that the L4 ILB in GCP currently supports a max of 5 ports per forwarding rule. We are currently working on increasing this limit, which is scheduled to go public Beta some time in early Q2 of this year. It is currently in Alpha, so if you would like to get access to this functionality, contact your account team to do so. Until then, 1 Service of type internal LB can map to only 5 ports, so multiple Services will have to be used to expose more than 5 ports.

@mark-church,

Could you please tell us the exact date of the beta release?

Thanks in advance!!

Hi everybody, up to 50 ports are now supported for L4 ILBs deployed through GKE Services. Multiple Services can be deployed against the same internal VIP for up to 10 Services per VIP. This does not require whitelisting and is now publicly available: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#shared_VIP
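
Added example, not part of the thread or of any project's code: a small planner that flags an internal-LB Service carrying more ports than the limit and splits the issue's eight ports into Services that fit, using the limits quoted in the comments (5 ports originally, 50 later, 10 Services per VIP). The port names for 80/443/31400, the `istio: ingressgateway` selector, `targetPort == port`, the `base_name` value, and sharing a VIP through `loadBalancerIP` are assumptions.

```python
ILB_ANNOTATION = "cloud.google.com/load-balancer-type"  # annotation from the issue

# Ports listed in the issue; names for 80/443/31400 are constructed here.
GATEWAY_PORTS = [
    ("p80", 80), ("p443", 443), ("p31400", 31400),
    ("tcp-pilot-grpc-tls", 15011), ("tcp-citadel-grpc-tls", 8060),
    ("tcp-dns-tls", 853), ("http2-prometheus", 15030),
    ("http2-grafana", 15031),
]


def exceeds_ilb_limit(service, max_ports=5):
    """True if an internal-LB Service carries more ports than the limit allows."""
    annotations = service.get("metadata", {}).get("annotations", {})
    internal = str(annotations.get(ILB_ANNOTATION, "")).lower() == "internal"
    return internal and len(service["spec"]["ports"]) > max_ports


def plan_services(ports, max_ports=5, shared_ip=None, max_services_per_vip=10,
                  base_name="ingressgateway-ilb"):
    """Split ports into internal LoadBalancer Services that each fit the limit."""
    numbers = [number for _, number in ports]
    if len(set(numbers)) != len(numbers):
        raise ValueError("duplicate port numbers cannot be split across Services")
    chunks = [ports[i:i + max_ports] for i in range(0, len(ports), max_ports)]
    if shared_ip and len(chunks) > max_services_per_vip:
        raise ValueError(f"{len(chunks)} Services exceed {max_services_per_vip} per VIP")
    services = []
    for index, chunk in enumerate(chunks):
        spec = {
            "type": "LoadBalancer",
            # Assumption: selector label and targetPort == port match your gateway pods.
            "selector": {"istio": "ingressgateway"},
            "ports": [{"name": name, "port": number, "targetPort": number,
                       "protocol": "TCP"} for name, number in chunk],
        }
        if shared_ip:  # assumption: Services share a VIP by requesting the same IP
            spec["loadBalancerIP"] = shared_ip
        services.append({
            "apiVersion": "v1", "kind": "Service",
            "metadata": {"name": f"{base_name}-{index}",
                         "annotations": {ILB_ANNOTATION: "internal"}},
            "spec": spec,
        })
    return services


if __name__ == "__main__":
    import json
    print(json.dumps(plan_services(GATEWAY_PORTS), indent=2))
```

Run it with `max_ports=50` to see the single-Service layout the last comment describes; the printed JSON can be reviewed before being applied as manifests.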