Istio Ingress Gateways - Quick Questions

Hey Guys simple question -

Background - I have one cluster running a bunch of microservices for development. They each have their own virtualservice and K8s service. The VS points to the istio-autogenerated-k8s-ingress gateway within istio-system.

Should this be the way you operate? Or is the recommended path to have a gateway for each virtual service.

I have run it with one GW and VS per microservice in the past but havent really evaluated the pro’s and cons for the two methods.

Second Question - Can someone provide a simple summary to the purposes of the two default gateways in istio-system - ingressgateway & istio-autogenerated-k8s-ingress

Any info will be great to help clarify a bunch of questions we have along this Servicemesh journey.

For Q1: one gateway POD can provide services for different VS. You can use different URI in VS to separate the usage. You also can associate different TLS cert in Gateway CR.

For Q2: The “istio-system-ingressgateway” is as example, application shall identify the ingress gateway instance by itself. istio-autogenerated-k8s-ingress is not recommended from my view.

Thanks 111,

So on Q1 - I get the Pod element. But in terms of the Gateway (my fault should have been clearer), does Istio / other users recommend leveraging a single gateway resource or run multiple ones for different purposes?

What would a use case be for multiple gateways?

Thoughts from anyone else?