Consider large application: 50-100 services, >100 pods behind each, some living in distinct namespaces. What is the recommended deployment model for the Istio Ingress Gateway?
- Single Ingress Gateway for the entire Kubernetes cluster, distributing traffic to ALL services withing the mesh.
- Multiple Ingress Gateways, e.g., one per namespace or one per N services?
I noticed people deploying multiple gateways to isolate public/private traffic or in cases in which separate TLS/domain settings are imposed. However, never seen people doing it in per-namespace fashion.
I wonder if there are benefits in terms of performance, scalability, and configurability in having multiple gateways?
Is having a single gateway, scaled to a high extent, and handling the entire ingress traffic a good (and recommended) practice?
Does Istio provide stable support for the multiple-gateway model?