We are trying to setup a hybrid cluster on Anthos GKE. The Anthos setup went fine (we think) and we were able to install the apigee component, create a proxy, and deploy it to the cluster. The one thing that doesn't work (and it's a pretty important thing) is the ingress.

When we installed anthos we had to install with manual load balancing mode enabled because we didn't want GKE to provision the F5 load balancer. So we created vips and set aside nodeports:

https://cloud.google.com/anthos/gke/docs/on-prem/how-to/manual-load-balance

We did the same for apigee istio-ingressgateway service. I noticed there is no manual lb mode in the apigee override file so I went ahead and installed it, then changed the https node port to the port we had set aside and configured on the f5. We installed the cert as directed on both the f5 and the apigee hybrid install.

As I mentioned we deployed a simple proxy. When trying through the ingress from our jump box I always get a connection reset by peer or errno 104.

I can access the proxy if I go directly to the runtime container and curl localhost from there. I can curiously also do it if I go to the VM that the container lives on and curl the exact same ingress url. I have our network team looking but the network should be exactly the same on our jump box as our runtime VM.

Is there any "trick" to getting manual lb mode to work with apigee hybrid?