We are looking for architecture guides, recommended patterns on how to get ingress and egress Gateways and VirtualServices setup across bunch of namespaces. Hesitation has to do with topologies of Gateways and VirtualServices and decision making, the whys, around that. Should we go with one/many in istio namespace, should we have one Gateway/VirtualService in every namespace, should we have one or many VirtualServices at all, and mos important - how and why we should consider different topologies.
Could not find much in the official istio documentation. There are some pros/cons by people here and there yet not much on decision making and recommended topologies.
For example, here - Istio-ingressgateway controller and namespaces
As a better solution design, you should create multiple ingress gateway in each namespace. All this gateways use/refer the same istio-ingressgateway deployed in
istio-sytemnamespace. The namespace should be a boundary/container fronted by gateway exposing different virtual services deployed along with destination rules and deployments.
This sounds good, yet does not covers the “whys” and leaves one/many VIrtualServices pros/cons unanswered.
Could you recommend any doco on the above?