External access to Google Kubernetes Engine services using Istio-Ingress gateway

Question

I need to access services inside Google Kubernetes Engine standard private cluster using Istio.

My set up is as follows:

• Grafana service running on port 80.
• Istio virtual service listening on port 80.
• Istio Gatway listening on port 80.
• Istio-Ingress gateway that provision a GCP external LoadBalancer.

When I go to the LoadBalancer public IP, I can't access it.

resource "helm_release" "istio_ingress" {
  name       = "istio-ingressgateway"
  chart      = "gateway"
  repository = "https://istio-release.storage.googleapis.com/charts"
  namespace  = "istio-system"
  version    = "1.18.0" 
}
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name:  my-gateway
  namespace:  istio-system
spec:
  selector:
    istio: ingressgateway 
  servers:
  - port:
      number: 80
      name: tcp
      protocol: HTTP
    hosts:
    - "*"
    tls:
      httpsRedirect: false
  - port:
      number:  443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: ${var.shared_domain_certificate_name}
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: grafana
  namespace:   istio-system
spec:
  hosts:
  -   "*"
  gateways:
  -  istio-system/my-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: grafana
        port:
          number: 80

Answer 1

As per Jakub, from a previous post. one working solution for Grafana is to set prefix to / and host to grafana. As an example

spec:
  hosts:
  - "grafana.example.com"
  gateways:
  - grafana-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: grafana
        port:
          number: 80

Including as well the sample for VirtualService and Gateway

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: grafana-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http-grafana
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: grafana-vs
spec:
  hosts:
  - "*"
  gateways:
  - grafana-gateway
  http:
  - match:
    - uri:
        prefix: /grafana/
    rewrite:
      uri: /
    route:
    - destination:
        host: grafana
        port:
          number: 80

Answer 2

I didn't understand everything. Are you trying to access an application outside of the cluster, or are you attempting to access Grafana?

To access the deployment, you need to create the Ingress resource in the cluster for Istio. Have you created it?

If you have, you can find it by running:

Kubectl get ing

Then, you will obtain the load balancer information. Use that load balancer to access the application.