Skip to content

Istio Gateway

An Istio Gateway is a Kubernetes custom resource that configures a load balancer to terminate TLS (HTTPS) and expose HTTP or HTTPS services at the edge of a Service mesh.^[samples/websockets/README.md]

Functionality

The primary role of a Gateway is to manage inbound traffic entering the mesh.^[samples/websockets/README.md] It operates at the boundary of the network, receiving external requests and forwarding them to the appropriate internal services based on routing rules defined in an accompanying [[VirtualService]].^[samples/websockets/README.md]

While VirtualService definitions control the routing logic (e.g., path-based routing), the Gateway defines the ports, protocols, and security settings required to receive the traffic initially.^[samples/websockets/README.md]

Traffic Management

In the context of traffic management, a Gateway is deployed using a manifest file (often named route.yaml or similar) which is applied to the cluster using kubectl create.^[samples/websockets/README.md]

Common use cases for configuring a Gateway include: * Enabling specific protocols such as HTTP or HTTPS. * Configuring TLS termination. * Allowing protocol upgrades, such as upgrading an HTTP connection to a [[WebSockets]] connection.^[samples/websockets/README.md]

Ingress IP and Ports

After deploying a Gateway and a VirtualService, external traffic is routed through the Ingress Gateway service.^[samples/websockets/README.md] To access the services exposed by the Gateway, users must determine the Ingress Gateway's external IP address and assigned ports.^[samples/websockets/README.md]

This typically involves querying the status of the Istio Ingress service (e.g., istio-ingressgateway) to find the EXTERNAL-IP or node port, which is then used as the destination host in the browser or API client.^[samples/websockets/README.md]

Sources

  • samples/websockets/README.md