Istio Ingress Gateways - Quick Questions

whatsupbuddy · December 4, 2019, 3:29am

Hey Guys simple question -

Background - I have one cluster running a bunch of microservices for development. They each have their own virtualservice and K8s service. The VS points to the istio-autogenerated-k8s-ingress gateway within istio-system.

Question
Should this be the way you operate? Or is the recommended path to have a gateway for each virtual service.

I have run it with one GW and VS per microservice in the past but havent really evaluated the pro’s and cons for the two methods.

Second Question - Can someone provide a simple summary to the purposes of the two default gateways in istio-system - ingressgateway & istio-autogenerated-k8s-ingress

Any info will be great to help clarify a bunch of questions we have along this Servicemesh journey.

111 · December 4, 2019, 5:53am

For Q1: one gateway POD can provide services for different VS. You can use different URI in VS to separate the usage. You also can associate different TLS cert in Gateway CR.

For Q2: The “istio-system-ingressgateway” is as example, application shall identify the ingress gateway instance by itself. istio-autogenerated-k8s-ingress is not recommended from my view.

whatsupbuddy · December 8, 2019, 10:44pm

Thanks 111,

So on Q1 - I get the Pod element. But in terms of the Gateway (my fault should have been clearer), does Istio / other users recommend leveraging a single gateway resource or run multiple ones for different purposes?

What would a use case be for multiple gateways?

Thoughts from anyone else?

Topic		Replies	Views
Recommendations on ingress/egress Gateways/VirtualService architectures Networking	1	607	October 9, 2020
Organizing VirtualServices and Gateways (x-post)	0	520	January 29, 2019
Multiple Istio Ingress Gateways	0	396	January 16, 2020
Dynamic Service Discovery: Istio as Gateway	0	381	August 15, 2022
Internal gateway Networking	0	314	April 20, 2020

Istio Ingress Gateways - Quick Questions

Related Topics