Control traffic two Ingress Gateways

I’m currently using Istio 1.2.2 on GKE with two Ingress Gateways.

I’m wondering what’s the best way control traffic (RBAC/Whitelist/etc) as my destination is the same GKE Cluster and same namespace:

Public Users ( —> GCP_TPC_LB_01 (external-ip-01) --> GKE Cluster --> Istio_GW_01 --> VirtualService_SVC_01 --> K8S_SVC_01

Private Users ( —> GCP_TPC_LB_02 (external-ip-02) --> GKE Cluster --> Istio_GW_02 --> VirtualService_SVC_02 --> K8S_SVC_02

If I create a firewall rule on GCP_TPC_LB_01 allowing Ingress it will allow GCP_TPC_LB_02 too.

I used helm template to install it:

helm template install/kubernetes/helm/istio --name istio
–set grafana.enabled=true
–set prometheus.enabled=true
–set tracing.enabled=true
–set kiali.enabled=true
–set “kiali.dashboard.jaegerURL=”
–set “kiali.dashboard.grafanaURL=”
–set gateways.istio-ingressgateway.sds.enabled=true
–set gateways.istio-ingressgateway.loadBalancerIP=“my external ip”
–set gateways.istio-ingressgateway.loadBalancerSourceRanges={“”}
–set global.proxy.accessLogFile="/dev/stdout"
–namespace istio-system
–values …istio-ingressgateway02.yaml > output.yaml