You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
title: Using Envoy and Istio for Ingress to Cloud Foundry
3
3
owner: Routing
4
-
---
4
+
---
5
+
6
+
## Deploying Cloud Foundry with Istio and Envoy
7
+
8
+
1. After you have deployed Cloud Foundry using cf-deployment, you can use an ops file to add the Istio routing tier. The ops file is available in the Cloud Foundry istio-release repo: https://github.com/cloudfoundry/istio-release/blob/master/deploy/cf-deployment-operations/add-istio.yml.
9
+
10
+
2. Once you deploy with the ops file, you can `bosh vms` to see the new VMs in your deployment: `istio-router`, `istio-control` and `cc-route-syncer`.
11
+
12
+
3. Follow the procedure below that corresponds to your use case:
13
+
* If you’ve deployed your CF on a BBL’d up BOSH director on GCP, you have the option of using a custom bbl-config to set up load balancers for GCP and don’t need to configure it manually. You can use this [bbl config](https://github.com/cloudfoundry/istio-release/tree/master/deploy/bbl-config) to re-BBL up your BOSH director. This will set up the load balancers to point to the istio-routers for you.
14
+
* Follow the steps in “Manually setting up a Load Balancer for Istio Ingress.”
15
+
16
+
### Manually setting up a Load Balancer for Istio Ingress
17
+
18
+
Once you’ve deployed a Cloud Foundry with the Istio routing tier, you must set up a new load balancer to communicate with the istio routers.
19
+
20
+
1. Create a LB with a static IP
21
+
1. Set up LB to have its backends configured to be the istio-router VMs. You can retrieve the IPs of the router VMs by running `bosh vms`.
22
+
1. Set up LB health check to port `8002` and path `/healthcheck`
23
+
1. Set up firewall rules for the load balancer to allow HTTP port `80`, TLS on `443`, and HTTP on `8002` for the healthcheck.
24
+
1. Create a new DNS name, such as `*.istio.CF-APPS-DOMAIN`, which resolves to the IP of a load balancer in front of the istio-router VMs.
25
+
26
+
This sets up a parallel routing plane as illustrated in the diagram below:
27
+
28
+
29
+
30
+
### Create a new domain for Istio routes
31
+
32
+
You will need to create a new domain dedicated to the Istio router. This way, routes pushed onto this domain will be handled by the Istio router, and in turn will have the capability to take advantage of Istio features, such as weighted routing.
33
+
34
+
On the CF CLI, create a new apps domain in CF matching the DNS name that was created when setting up your load balancers.
0 commit comments