Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Istio/Envoy as AWS ALB #476

Closed
ZackButcher opened this issue Jul 18, 2017 · 4 comments
Closed

Support Istio/Envoy as AWS ALB #476

ZackButcher opened this issue Jul 18, 2017 · 4 comments
Assignees
@rshriram
Labels
area/environments area/networking

Comments

@ZackButcher
Copy link
Contributor

Today when using Kubernetes on AWS, ingress resources are automatically turned into AWS ELBs. AWS has recently added support for Application Load Balancers (ALBs). We need to investigate and document the setup required to use Envoy as an ingress resource on AWS, which will involve setting up an ALB.

Looking around briefly, CoreOS has open sourced an ALB Ingress Controller that we may be able to leverage.
@mclarke47
Copy link

I'm definitely interested in helping replacing the ELB used in the istio ingress controller with an ALB (cheaper, faster). We currently give the istio ingress service a load balancer which gives us an elb that we add CNAMES to, and then use hostnames in the ingresses to route traffic.

Would this change require this issue to be addressed though? If not would the istio ingress controller be replaced by the ALB Ingress controller?

@ldemailly ldemailly added this to the Istio 0.3 milestone Aug 16, 2017
mandarjog pushed a commit that referenced this issue Oct 31, 2017
@sebastienvas
Update bazelbuild go rule (#476)
d87cf76
guptasu pushed a commit to guptasu/istio that referenced this issue Jun 11, 2018
@spikecurtis @hklai
Unix domain sockets on ServiceEntry (istio#476)
b549a3f 
Signed-off-by: Spike Curtis <spike@tigera.io>
@rshriram rshriram modified the milestones: 0.3, Nebulous Future Jun 12, 2018
@rshriram rshriram assigned rshriram and unassigned rshriram Jun 12, 2018
@rshriram
Copy link
Member

This has less relevance now given that we have clearly separated L4-L6 config (gateway) and L7 config (virtual services). And that the gateway could support multiple protocols (HTTP/TCP/Mongo/etc.) - which the ALB cannot.

Also, ALB ingress implies configuring AWS ALB directly instead of using Envoy for load balancing

kyessenov pushed a commit to kyessenov/istio that referenced this issue Aug 13, 2018
@qiwzhang
change envoy URL from lyft to envoyproxy. (istio#476)
4a493c0
@rverma-nikiai
Copy link

@rshriram With alb and aws CNI we can do load balancing on pod IPs directly. This gives multiple benefits( lower latency for sure) and deeper integration with other aws resources(Cognito, ACM, Target group alarms, etc).
If we use ALB directly and skip enovy load balancing over the publically exposed services what are the drawbacks.
Can we delegate a gateway creation to create an actual ingress such that we don't deal with the similar resources twice?

@rlenglet rlenglet removed this from the Nebulous Future milestone Jul 9, 2019
howardjohn pushed a commit to howardjohn/istio that referenced this issue Jan 12, 2020
@elfinhe @istio-testing
Exclude the overridden values when comparing the old with the new one…
4dbbaa5 
…s. (istio#476)

* Exclude the overridden values when comparing the old with the new ones.

* Add --show-overrides flag to show all changed values.

* Fix lint. Remove unused recursive params. Reorder flags.

* Remove empty lines between imports.

* Fix lint, reording imports.

* Move genOverlayICPS() to a better place, reducing imports in upgrade.go.

* Use the untranslated input as a mask

* Improve isPathInTree() func based on PR comments.

* Renaming test struct with more readable fields.

* Remove --show--overrides as it is a common use case to have seprate flag, and we already have method (profile diff) to archieve it.

* Use the existing name.GetFromTreePath() instead of duplicating tree traversals.

* Fix rebasing parameter change.

* Improve tests, and fix a bug for not matching the leaf path from overrides.
@haddadianhamed1
Copy link

I think this is beneficial because we can use AWS ALB with WAF

luksa pushed a commit to luksa/istio that referenced this issue Sep 20, 2022
@maistra-bot
Automator: Update proxy (istio#476)
a50d9f3 
Co-authored-by: maistra-bot <null>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rshriram rshriram

Labels
area/environments area/networking
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@rlenglet @ZackButcher @ldemailly @mclarke47 @rshriram @louiscryan @haddadianhamed1 @rverma-nikiai