i am trying load balancing using nginx to services behind istio service mesh deployed on openshift.
my query is in nginx.conf which ip's i have to use in case of istio deployment? in non-istio deployment i used node ip of pod and nodeport of service.
upstream infra{
server XXX.XXX.XXX.XXX:8080;
}
map $proxy_add_x_forwarded_for $client_ip {"~(?<IP>([0-9]{1,3}\.){3}[0-9]{1,3}),.*" $IP;}
server {
listen 80;
server_name example.com;
access_log /var/log/nginx/nginx.testmegh.access.log main;
error_log /var/log/nginx/nginx.testmegh.error.log error;
location /fininfra {
proxy_pass http://infra:80;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
Everything in istio goes through istio-ingressgateway external-IP, so it depends on how you configured your istio cluster. It can be either LoadBalancer or NodePort .
Quoted from documentation
Determining the ingress IP and ports
Execute the following command to determine if your Kubernetes cluster is running in an environment that supports external load balancers:
$ kubectl get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 172.21.109.129 130.211.10.121 ... 17h
If the EXTERNAL-IP value is set, your environment has an external load balancer that you can use for the ingress gateway. If the EXTERNAL-IP value is (or perpetually ), your environment does not provide an external load balancer for the ingress gateway. In this case, you can access the gateway using the service's node port.
which ip's i have to use in case of istio deployment
In above example from documentation it's 130.211.10.121
.
Let's say you have deployed Bookinfo Application and you want to access it through a browser, you would have to use above IP and appropriate uri from virtual service . So it would be 130.211.10.121/productpage
.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.