Hi,
I need to be able to whitelist client IPs for my service, and I wasn’t able to do this with Istio’s IngressGateway, so I added my ingress-nginx back in. Do I need Istio’s ingressgateway for anything? Do I lose anything by using Nginx instead of Istio for ingress to my cluster?
For example, will the Jaeger distributed tracing work?
One thing you lose is that you are not getting an Envoy based proxy. Istio, Ambassador and Contour are all Envoy based. Secondly you lose the mutualtsl provided by Istio via the side car pattern. There are other ways to implement tls but the side car approach is highly regarded.
I am still using Istio’s VirtualServices and DestinationRules, so I should have sidecars. The way I am trying it now is to have my Ingress objects point to the Istio ingressgateway, like so:
nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/upstream-vhost: istio-ingressgateway.istio-system
I was just wondering if I lose anything by having ingress-nginx in front of the Istio ingressgateway, or if I need Istio-ingressgateway at all.