In this section the Istio Ingress Controller will be deployed to each node in the istio-ingress-pool node pool using a DaemonSet. The reason for doing this is to provide dedicated resources to the Istio Ingress Controllers and support the ability to scale the istio-ingress-pool node pool independently of the default node pool. Using two different node pools also grants the ability to use different machine types for the Ingress Controllers and general workloads.
Create the istio-ingress service account:
kubectl apply -f serviceaccounts/istio-ingress.yaml
Create the istio-ingress cluster role:
kubectl apply -f clusterroles/istio-ingress.yaml
Create the istio-ingress role binding:
kubectl apply -f rolebindings/istio-ingress.yaml
A DaemonSet will be used to ensure a single Istio Ingress Controller runs on each node in the istio-ingress-pool node pool.
kubectl apply -f daemonsets/istio-ingress.yaml
Create the istio-ingress service:
kubectl apply -f services/istio-ingress.yaml
The istio-ingress service sets the spec.externalTrafficPolicy to Local to ensure only the nodes in the istio-ingress-pool node pool running the Istio Ingress Controller receive traffic. This feature is documented in the using source IP services section.
At this point the Istio Ingress Controllers are ready to receive traffic:
kubectl get pods -l istio=ingress
NAME READY STATUS RESTARTS AGE
istio-ingress-XXXXX 1/1 Running 0 5m
istio-ingress-XXXXX 1/1 Running 0 5m
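To confirm the layout this section sets up (service policy set to Local, every controller on a pool node, one controller per pool node), the following audit is an added example, not part of the original tutorial. POOL_LABEL, the function name audit_ingress and the sample pod and node names are assumptions or constructed values.

```shell
# Inputs on a live cluster (POOL_LABEL is an assumption: the label that
# marks istio-ingress-pool nodes on your platform):
#   policy=$(kubectl get svc istio-ingress -o jsonpath='{.spec.externalTrafficPolicy}')
#   pods=$(kubectl get pods -l istio=ingress -o \
#     jsonpath='{range .items[*]}{.metadata.name} {.spec.nodeName}{"\n"}{end}')
#   pool=$(kubectl get nodes -l "$POOL_LABEL" -o \
#     jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}')

audit_ingress() {
  policy="$1"; pods="$2"; pool="$3"; rc=0
  # Local keeps traffic on nodes that actually run a controller.
  if [ "$policy" != "Local" ]; then
    echo "FAIL externalTrafficPolicy is '${policy:-unset}', expected Local"
    rc=1
  fi
  # Every ingress pod must sit on a node that belongs to the pool.
  while read -r name node; do
    [ -n "$name" ] || continue
    if ! printf '%s\n' "$pool" | grep -qxF -- "$node"; then
      echo "FAIL pod $name runs on $node, outside the pool"
      rc=1
    fi
  done <<EOF
$pods
EOF
  # The DaemonSet should give every pool node exactly one controller.
  while read -r node; do
    [ -n "$node" ] || continue
    count=$(printf '%s\n' "$pods" | awk -v n="$node" '$2 == n {c++} END {print c+0}')
    if [ "$count" -ne 1 ]; then
      echo "FAIL node $node runs $count ingress pods, expected 1"
      rc=1
    fi
  done <<EOF
$pool
EOF
  [ "$rc" -ne 0 ] || echo "OK ingress layout matches the design"
  return "$rc"
}

# Constructed sample data (not from a real cluster).
SAMPLE_PODS='istio-ingress-aaaaa ingress-node-1
istio-ingress-bbbbb ingress-node-2'
SAMPLE_POOL='ingress-node-1
ingress-node-2'
audit_ingress Local "$SAMPLE_PODS" "$SAMPLE_POOL"
```

A non-zero exit status means at least one FAIL line was printed, so the function can gate a deployment pipeline step.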
Next: Using Istio Route Rules