Bind kubernetes istio ingress gateway to local ports 80 and 443

Question

I managed to install kubernetes 1.22, longhorn, kiali, prometheus and istio 1.12 (profile=minimal) on a dedicated server at a hosting provider (hetzner).

I then went on to test httpbin with an istio ingress gateway from the istio tutorial. I had some problems making this accessible from the internet (I setup HAProxy to forward local port 80 to the dynamic port that was assigned in kubernetes, so port 31701/TCP in my case)

How can I make kubernetes directly available on bare metal interface port 80 (and 443).

I thought I found the solution with metallb but I cannot make that work so I think it's not intended for that use case. (I tried to set EXTERNAL-IP to the IP of the bare metal interface but that doesn't seem to work)

My HAProxy setup is not working right now for my SSL traffic (with cert-manager on kubernetes) but before I continue looking into that I want to make sure. Is this really how you are suppose to route traffic into kubernetes with an istio gateway configuration on bare metal?

I came across this but I don't have an external Load Balancer nor does my hosting provider provide one for me to use.

Answer 1

Posted community wiki answer for better visibility based on the comment. Feel free to expand it.

---

The solution for the issue is:

I setup HAProxy in combination with Istio gateway and now it's working.

The reason:

I think the reason why SSL was not working was because istio.io/latest/docs/setup/additional-setup/gateway creates the ingress gateway in a different namespace (istio-ingress) from the rest of the tutorials (istio-system).