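Configure external IP addresses for Google Distributed Cloud (software only) for VMware with F5 BIG-IP load balancers
The default Cloud Service Mesh installation on Google Distributed Cloud (software only) for VMware assumes that external IP addresses are automatically allocated for LoadBalancer services.
This is not true for Google Distributed Cloud (software only) for VMware with F5 BIG-IP load balancers.
Because of this, you need to allocate one or more external IP addresses, depending on your service mesh configuration:
One external IP address for the Cloud Service Mesh ingress gateway resource, for example the gateway that your customers use to access your workloads from across the internet.
Another external IP address for your clusters to communicate with each other if they exist on different networks within your service mesh. This is referred to as the east-west gateway.
For example, the service port named http2 has port 80 and nodePort 31380. Suppose the node addresses for your user cluster are 192.168.0.10, 192.168.0.11, and 192.168.0.12, and your load balancer's VIP is 203.0.113.1.
Configure your load balancer so that traffic sent to 203.0.113.1:80 is forwarded to 192.168.0.10:31380, 192.168.0.11:31380, or 192.168.0.12:31380. You can select the service ports that you want to expose on this given VIP.
Confirm that the ingress gateway was assigned an external IP address. There might be a slight delay that requires you to repeat this command until you see the expected result: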
kubectl --context="${CTX_CLUSTER1}" get svc istio-ingressgateway -n istio-system
The expected output is:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.80.6.124 34.75.71.237 ... 51s
For example, the service port named http2 has port 80 and nodePort 31380. Suppose the node addresses for your user cluster are 192.168.0.10, 192.168.0.11, and 192.168.0.12, and your load balancer's VIP is 203.0.113.1.
Configure your load balancer so that traffic sent to 203.0.113.1:80 is forwarded to 192.168.0.10:31380, 192.168.0.11:31380, or 192.168.0.12:31380. You can select the service ports that you want to expose on this given VIP.
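The VIP-to-nodePort mapping described here, and in the identical passage for the ingress gateway, as an added example that is not part of the original page: it turns a Service's port list into the forwarding entries to configure on the load balancer and exposes only the ports named in an allowlist. The function name plan_forwarding, the jsonpath query in the comment, the allowlist argument, and every sample row other than http2 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page). Names here are assumptions.
# stdin: one "name port nodePort" line per Service port, for instance from
#   kubectl get svc istio-ingressgateway -n istio-system \
#     -o jsonpath='{range .spec.ports[*]}{.name} {.port} {.nodePort}{"\n"}{end}'
# usage: plan_forwarding VIP "NODE_IPS" "ALLOWED_PORT_NAMES"
# stdout: VIP:port -> node1:nodePort,node2:nodePort,... for each allowed port
# stderr: ports left off the VIP, and lines that do not parse
plan_forwarding() {
  vip=$1 nodes=$2 allow=$3
  awk -v vip="$vip" -v nodes="$nodes" -v allow="$allow" '
    BEGIN {
      n = split(nodes, node, " ")
      m = split(allow, a, " ")
      for (i = 1; i <= m; i++) allowed[a[i]] = 1
    }
    # A port without a nodePort (or any other malformed line) cannot be a pool member.
    NF != 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ {
      print "skipped (unparsable): " $0 > "/dev/stderr"; next
    }
    # Default deny: only ports named in the allowlist get a forwarding entry.
    !($1 in allowed) { print "not exposed: " $1 > "/dev/stderr"; next }
    {
      pool = ""
      for (i = 1; i <= n; i++) pool = pool (i > 1 ? "," : "") node[i] ":" $3
      printf "%s:%s -> %s\n", vip, $2, pool
    }
  '
}

# Constructed sample: http2 80/31380 is the page's example; the other rows are made up.
SAMPLE_PORTS='status-port 15020 30391
http2 80 31380
https 443 31390
broken-entry 8080'

printf '%s\n' "$SAMPLE_PORTS" |
  plan_forwarding 203.0.113.1 "192.168.0.10 192.168.0.11 192.168.0.12" "http2 https"
```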
Confirm that the east-west gateway was assigned an external IP address. There might be a slight delay that requires you to repeat this command until you see the expected result:
kubectl --context="${CTX_CLUSTER1}" get svc istio-eastwestgateway -n istio-system
The expected output is:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-eastwestgateway LoadBalancer 10.80.6.124 34.75.71.237 ... 51s
Last updated: 2025-09-04 (UTC)