Skip to content

Istio Ingress Gateway and VirtualService

Istio Ingress Gateway and VirtualService are configuration resources used within an Istio Service mesh to manage inbound external traffic. The Ingress Gateway operates at the boundary of the network, receiving incoming traffic, while the VirtualService defines the rules for how that traffic should be routed and handled, such as upgrading connections to use WebSockets.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-websockets-readme.md]

Function and Purpose

An Ingress Gateway acts as the entry point for external traffic entering the mesh.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-websockets-readme.md] It handles the reception of requests and works in conjunction with a VirtualService, which contains the specific routing logic.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-websockets-readme.md] This routing logic can include advanced protocols features, such as upgrading a standard HTTP connection to a WebSocket connection.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-websockets-readme.md]

Support for WebSocket upgrades via these routing rules was a feature added to the v1alpha3 routing rules after the release of Istio v0.8.0.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-websockets-readme.md]

Configuration Workflow

To implement these resources, a user typically follows a workflow involving the application deployment and the application of configuration manifests:

  1. Application Deployment: The underlying application (Kubernetes Service and Deployment) is deployed.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-websockets-readme.md] This can be done with manual sidecar injection using istioctl or with Automatic sidecar injection enabled on the namespace.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-websockets-readme.md]
  2. Resource Application: The Gateway and VirtualService configurations are created, often by applying a route.yaml file.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-websockets-readme.md]
  3. Access: Traffic is directed to the exposed Ingress Gateway IP and ports.^[400-devops-07-monitoring-and-observability-k8s-istio-samples-websockets-readme.md]

Sources

^[400-devops-07-monitoring-and-observability-k8s-istio-samples-websockets-readme.md]