Control traffic two Ingress Gateways

thiago.bezerra · August 6, 2019, 5:17pm

I’m currently using Istio 1.2.2 on GKE with two Ingress Gateways.

I’m wondering what’s the best way control traffic (RBAC/Whitelist/etc) as my destination is the same GKE Cluster and same namespace:

Public Users (0.0.0.0/0) —> GCP_TPC_LB_01 (external-ip-01) --> GKE Cluster --> Istio_GW_01 --> VirtualService_SVC_01 --> K8S_SVC_01

Private Users (1.2.3.4/28) —> GCP_TPC_LB_02 (external-ip-02) --> GKE Cluster --> Istio_GW_02 --> VirtualService_SVC_02 --> K8S_SVC_02

If I create a firewall rule on GCP_TPC_LB_01 allowing 0.0.0.0/0 Ingress it will allow GCP_TPC_LB_02 too.

I used helm template to install it:

helm template install/kubernetes/helm/istio --name istio
–set grafana.enabled=true
–set prometheus.enabled=true
–set tracing.enabled=true
–set kiali.enabled=true
–set “kiali.dashboard.jaegerURL=https://xyz.com”
–set “kiali.dashboard.grafanaURL=https://xyz.com”
–set gateways.istio-ingressgateway.sds.enabled=true
–set gateways.istio-ingressgateway.loadBalancerIP=“my external ip”
–set gateways.istio-ingressgateway.loadBalancerSourceRanges={“0.0.0.0/0”}
–set global.proxy.accessLogFile="/dev/stdout"
–namespace istio-system
–values …istio-ingressgateway02.yaml > output.yaml

Topic		Replies	Views
Services istio-ingressgateway and istio-ingress	7	1076	February 14, 2019
Kubernetes Gateway API - advanced traffic control	0	276	January 31, 2023
[unsolved][Istio 1.1.1] How to setup k8s ingress resources properly Config	1	2568	April 1, 2019
Internal traffic with VirtualService and DestinationRule Networking	2	3537	September 11, 2019
Istio without Gateway with nginx-ingress	7	9750	January 8, 2022

Control traffic two Ingress Gateways

Related Topics