Set up 1-3 GKE nodes with Kubernetes 1.10.5
Turn off Calico/NetworkPolicy
Install the Istio CLI
Use helm to install Istio into your cluster using the "webhook admission controller"
Edit namespaces.yml and add labels:
istio-injection: enabled
Use helm to deploy and optionally set operator.create=true
Run kubectl edit deploy -n openfaas gateway
- remove the security context from the operator Pod/container. This is because Istio needs to elevate privileges to inject its iptables rules. If you skip this then you'll get stuck at 0/1 replicas.
Now deploy the VirtualService and GW
cat <<EOF | istioctl create -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: openfaas-gateway
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
EOF
cat <<EOF | istioctl create -f -
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: openfaasgw
spec:
hosts:
- "*"
gateways:
- openfaas-gateway
http:
- route:
- destination:
port:
number: 8080
host: gateway.openfaas.svc.cluster.local
EOF
Find the IP of the Istio LoadBalancer and try the gateway UI / CLI.