I want to create my own ingress gateway with Istio. Here's my intention:
traffic on 4000 > my-gateway > my-virtualservice > web service (listening on 4000)I've deployed the following YAML:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: my-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 4000
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: my-virtualservice
spec:
hosts:
- "*"
gateways:
- my-gateway
http:
- route:
- destination:
host: web
port:
number: 4000This doesn't work, but changing the gateway port number: 4000 to number: 80 does work. Presumably because the istio-ingressgateway is open on 80.
Which leads me to believe that this chain is actually:
traffic on 4000 > my-gateway > my-virtualservice > istio-ingressgateway > web service
I assume I can fix this by opening 4000 on the istio-ingressgateway but doesn't that defeat the point of creating a custom gateway?
I thought the whole point of creating my-gateway was to avoid using the istio-ingressgateway?
Help me understand! :D
Traffic Flow: Clent -> LoadBalancer(Ingress Gateway Service) -> Ingress Gateway Envoy -> Sidecar Envoy for your application -> Your application.
The ingress gateway is an envoy deployed at the edge of a Kubernetes cluster. All incoming request(HTTP, TCP) to the services inside the cluster arrives at the ingress gateway.The Gateway and Virtual Service kind is what lets you configure Envoy proxy of the ingress gateway.
Creating a gateway object does not really deploy a new gateway,it just configures the same envoy proxy running as the ingress gateway.
Here is a good reference