In a multi-cluster, single-mesh setup with namespace tenancy in Istio (purely to have over 5,000 nodes), I would like to create a gateway and assign it to specific nodes. The current docs do not cover this for a gateway here; however, the IstioOperator does here via NodeSelector.
How would I go about assigning specific nodes (and where possible specific public IPs for the Istio Gateway)?
I have looked into a similar question, however I do not see any proper documented approach to this issue.
EDIT: I would like the Gateway to be the sole ingress for all namespaces on the cluster.
The Gateway object is no more than Envoy config for the istio-ingressgateway pod, which is an Envoy proxy.
So, if you want your gateway to be deployed on a specific node, you should add the nodeSelector or nodeAffinity to the Deployment object of istio-ingressgateway.
EDIT
Assuming you have istioctl downloaded.
$ kubectl label no worker-1-v1-21 istio-gatewaynode=valid
$ istioctl manifest generate --set profile=demo > istio.yaml
$ vim istio.yaml
Search for the Deployment called istio-ingressgateway, and add the following lines to the nodeAffinity section as follows:
...
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - amd64
                - ppc64le
                - s390x
              # Added to the existing matchExpressions list: repeating the
              # requiredDuringSchedulingIgnoredDuringExecution key would be a duplicate YAML key.
              - key: istio-gatewaynode   # <- add
                operator: In             # <- these
                values:                  # <- lines
                - valid                  # <-
      containers:
      - args:
...
Install istio with the generated yaml:
# kubectl create -f istio.yaml
...
# kubectl get po -n istio-system -owide
NAME                                    READY   STATUS    RESTARTS   AGE   IP               NODE             NOMINATED NODE   READINESS GATES
istio-egressgateway-5547fcc8fc-wntbc    1/1     Running   0          13m   192.168.184.5    worker-2-v1-21   <none>           <none>
istio-ingressgateway-85b7fddd86-mntmz   1/1     Running   0          13m   192.168.166.70   worker-1-v1-21   <none>           <none>
istiod-6659979bdf-vwc4x                 1/1     Running   0          13m   192.168.184.4    worker-2-v1-21   <none>           <none>
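Required node affinity ORs the entries of nodeSelectorTerms and ANDs the matchExpressions inside one term, so where the istio-gatewaynode expression is placed decides which nodes may run the ingress gateway. The sketch below is an added example, not part of the answer above; it evaluates both placements against constructed node labels (worker-3-arm is a hypothetical node, and only the label operators shown are handled).

```python
# Added example: evaluates required node affinity for label operators.
# Node labels below are constructed; worker-3-arm is a hypothetical node.

def term_matches(term, labels):
    """One nodeSelectorTerm: ALL of its matchExpressions must hold (AND)."""
    exprs = term.get("matchExpressions", [])
    if not exprs:
        return False  # an empty term selects no nodes
    for e in exprs:
        key, op, values = e["key"], e["operator"], e.get("values", [])
        if op == "In":
            ok = labels.get(key) in values
        elif op == "NotIn":
            ok = labels.get(key) not in values
        elif op == "Exists":
            ok = key in labels
        elif op == "DoesNotExist":
            ok = key not in labels
        else:
            raise ValueError(f"operator not handled in this sketch: {op}")
        if not ok:
            return False
    return True

def eligible_nodes(required, nodes):
    """nodeSelectorTerms are ORed: ANY matching term makes a node eligible."""
    terms = required.get("nodeSelectorTerms", [])
    return sorted(n for n, lbl in nodes.items()
                  if any(term_matches(t, lbl) for t in terms))

ARCH = {"key": "kubernetes.io/arch", "operator": "In",
        "values": ["amd64", "ppc64le", "s390x"]}
GATEWAY = {"key": "istio-gatewaynode", "operator": "In", "values": ["valid"]}

NODES = {  # constructed label sets
    "worker-1-v1-21": {"kubernetes.io/arch": "amd64", "istio-gatewaynode": "valid"},
    "worker-2-v1-21": {"kubernetes.io/arch": "amd64"},
    "worker-3-arm": {"kubernetes.io/arch": "arm64", "istio-gatewaynode": "valid"},
}

# Both expressions in one term: arch AND gateway label are required.
SAME_TERM = {"nodeSelectorTerms": [{"matchExpressions": [ARCH, GATEWAY]}]}
# One expression per term: arch OR gateway label is enough.
SEPARATE_TERMS = {"nodeSelectorTerms": [{"matchExpressions": [ARCH]},
                                        {"matchExpressions": [GATEWAY]}]}

if __name__ == "__main__":
    print("same term:     ", eligible_nodes(SAME_TERM, NODES))
    print("separate terms:", eligible_nodes(SEPARATE_TERMS, NODES))
```

With the expression in the same term only the labelled amd64 node is eligible; as a separate term, every node that satisfies either condition is.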