Right now we have more than 10 ingress deployments in our infra, but with the Istio repo we can create only one, so we created another Helm chart based on this ingress chart, and with a loop we can create as many ingresses as we want from one values.yaml.
I think it would be nice if we could create multiple ingress resources with one values.yaml.
If this is desirable, I can create a pull request based on this feature.
Based on my experience, managing multiple gateways in a single values.yaml / IstioOperator file is not recommended.
There are several issues, like lifecycle management being combined with another gateway. For example, if you want to do something with gateway A, there will be a chance that gateway B is also affected.
Thank you for responding.
In general, all gateways have a lot of common values, but for sure in some cases we need a different configuration. I think we can handle this issue in the Helm chart.
I’ve set up my ingress as two different configurations. One handles the istio-ingress deployment, setting up the load balancer and the corresponding hostnames (via external-dns). The other handles the gateways and virtualservices.
The chart for gw/vs is extremely simple. It was done just for version control. It can be done in other ways, with Argo CD or other tools that control the manifest versions.
Here’s an example:
dmz.yaml
gateway:
  selector:
    istio: ingressgateway-apps
  servers:
    - hosts:
        - "api.homolog.internal.domain"
      port:
        name: https
        number: 443
        protocol: HTTP
virtualservice:
  hosts:
    - "api.homolog.internal.domain"
  http:
    - name: "logr"
      match:
        - uri:
            regex: /api/(v1|v2)/logr/report
      route:
        - destination:
            host: logr.logr.svc.cluster.local
            port:
              number: 80
    - name: "inside-gateway"
      match:
        - uri:
            regex: /(docs|admin|api|resources)/(v1|v2)/.*
      route:
        - destination:
            host: inside-gateway.inside-gateway.svc.cluster.local
            port:
              number: 80
teste.yaml
gateway:
  selector:
    istio: ingressgateway-apps
  servers:
    - hosts:
        - "api2.homolog.internal.domain"
      port:
        name: https
        number: 443
        protocol: HTTP
    - hosts:
        - "api2.homolog.internal.domain"
      port:
        name: http
        number: 80
        protocol: HTTP
virtualservice:
  hosts:
    - "api2.homolog.internal.domain"
  http:
    - name: "logr"
      match:
        - uri:
            regex: /api/(v1|v2)/logr/report
      route:
        - destination:
            # Must be an FQDN
            host: logr.logr.svc.cluster.local
            port:
              number: 80
    - name: "inside-gateway"
      match:
        - uri:
            regex: /(docs|admin|api|esources)/(v1|v2)/.*
      route:
        - destination:
            host: new-inside-gateway.inside-gateway.svc.cluster.local
            port:
              number: 80
Chart templates:
templates/virtualservice.yaml
{{- if .Values.virtualservice }}
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: {{ include "ingress-config.fullname" . }}
spec:
  gateways:
    - {{ include "ingress-config.fullname" . }}
  {{- .Values.virtualservice | toYaml | nindent 2 }}
{{- end }}
templates/gateway.yaml
{{- if .Values.gateway }}
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: {{ include "ingress-config.fullname" . }}
spec:
  selector:
    {{- .Values.gateway.selector | toYaml | nindent 4 }}
  servers:
    {{- .Values.gateway.servers | toYaml | nindent 4 }}
{{- end }}
I’m using helmfile to control the multiple configurations:
helmDefaults:
  tillerless: true
  wait: true
  timeout: 900
  atomic: true
  createNamespace: false

templates:
  default: &default
    chart: ./istio-ingress-config
  dmz: &dmz
    <<: *default
    name: "ingress-dmz"
    namespace: "dmz-gateway"
  teste: &teste
    <<: *default
    name: "ingress-teste"
    namespace: "dmz-gateway"

releases:
  - <<: *teste
    values:
      - values/teste.yaml
  - <<: *dmz
    values:
      - values/dmz.yaml
I hope this helps.
@sergiomacedo Thanks for your response.
Actually, we are using helmfile too, but imagine that in a large-scale environment with hundreds of teams and namespaces we need more ingresses. And with helmfile I need a new file for each team. Right now, by creating a new chart, I could handle all of them in one file.
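The single-values.yaml approach discussed in this thread, sketched as an added example that is not code from any poster or from the Istio charts: one template loops over a map and renders a Gateway and an optional VirtualService per entry. The top-level `gateways` key, the entry names and the hostnames are assumptions made for illustration; the `ingress-config.fullname` helper is the one the templates above already use.

```yaml
# values.yaml (constructed sample; entry names and hostnames are placeholders)
gateways:
  dmz:
    gateway:
      selector:
        istio: ingressgateway-apps
      servers:
        - hosts: ["api.example.internal"]
          port: {name: http, number: 80, protocol: HTTP}
    virtualservice:
      hosts: ["api.example.internal"]
      http:
        - name: "logr"
          route:
            - destination:
                host: logr.logr.svc.cluster.local
                port: {number: 80}
  teste:
    gateway:
      selector:
        istio: ingressgateway-apps
      servers:
        - hosts: ["api2.example.internal"]
          port: {name: http, number: 80, protocol: HTTP}

# templates/gateways.yaml (hypothetical file name)
# Inside "range", "." is rebound to the entry, so the root context is passed as "$".
{{- range $name, $cfg := .Values.gateways }}
{{- $fullname := printf "%s-%s" (include "ingress-config.fullname" $) $name | trunc 63 | trimSuffix "-" }}
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: {{ $fullname }}
spec:
  selector:
    # Fail the render instead of emitting a Gateway with no selector.
    {{- required (printf "gateways.%s.gateway.selector is required" $name) $cfg.gateway.selector | toYaml | nindent 4 }}
  servers:
    {{- $cfg.gateway.servers | toYaml | nindent 4 }}
{{- if $cfg.virtualservice }}
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: {{ $fullname }}
spec:
  gateways:
    - {{ $fullname }}
  {{- $cfg.virtualservice | toYaml | nindent 2 }}
{{- end }}
{{- end }}
```

Every entry is rendered into the same Helm release, so an upgrade or rollback of that release touches all of them, which is the lifecycle coupling raised earlier in the thread.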