A naukri.com initiative
Medium
1M
59
Demistifying Istio Gateways
- Istio gateways are Envoy proxies through which all incoming and outgoing traffic of the mesh passes. Istio uses Ingress or Egress gateways for installation of the control plane, which is done either through the CLI or deploying gateways with IstioOperator resource. To configure the gateways, Gateway CRD (Custom Resource Definition) is used. This is simply a set of configurations that are applied to the gateway pods. VirtualServices are used to expose services outside the mesh. In the basic case, a gateway is needed to be exposed through VirtualService on port 80 and HTTP protocol. The Gateway resource listens to requests that come from inside the mesh and VirtualService routes traffic from there.
- TLS certificates are used to secure the workload and must be placed in a TLS Kubernetes secret. The same configuration is adapted in the case of mTLS mode for TLS origination and it is used to validate the client's integrity. A ServiceEntry is created for egress gateways to close outbound traffic to endpoints outside the mesh. Metrics and logs monitoring is facilitated through gateways too. Istio gateways can be used to ensure that all traffic passes through a single point in the system, offer features that make your life easier, like certificate and TLS configuration.
Read Full Article
3 Likes
For uninterrupted reading, download the app