Skip to content

East-West Gateway

An East-West Gateway is a dedicated gateway deployment used in multicluster Istio configurations to handle traffic between services within the mesh (east-west traffic).^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md]

Purpose

The primary function of the East-West Gateway is to separate internal mesh traffic from external traffic. By dedicating a specific gateway for east-west traffic, the architecture prevents internal traffic from flooding the default north-south Ingress gateway, which is typically reserved for external client requests.^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md]

Deployment

The gateway is deployed to a primary cluster using a specific generation script and environment variables that define the mesh, cluster, and network context^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md]. The deployment requires the CLUSTER and NETWORK variables to match the values used during the control plane (istiod) deployment^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md].

The deployment process generally follows this flow^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md]: 1. Generate the gateway configuration using gen-eastwest-gateway.sh. 2. Use istioctl to generate the manifest. 3. Apply the manifest to the cluster using kubectl.

Usage in Multicluster Configurations

The East-West Gateway is a critical component for various multicluster topologies^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md].

Primary-Remote Configuration

In a Primary-Remote setup, the East-West Gateway is used to expose the control plane (istiod) service.^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md] This exposure allows remote clusters to access the centralized control plane located in the primary cluster^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md].

Multi-network Configuration

For clusters spanning different networks, the East-West Gateway facilitates cross-cluster load balancing^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md]. In this scenario, services are exposed through the gateway in each cluster to enable connectivity across network boundaries^[400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md].

Sources

  • 400-devops__07-Monitoring-and-Observability__k8s-istio__samples__multicluster__README.md