4 Istio Gateway: getting traffic into your cluster
This chapter covers:
- Defining entry points into a cluster
- Routing ingress traffic to deployments in your cluster
- Securing ingress traffic
- Routing non HTTP/S traffic
As we’ll see throughout the rest of this book, Istio will allow us to solve some difficult challenges in service-to-service communication. For most of the book, we’ll assume a single cluster with a single Istio control-plane deployment, but in reality Istio’s capabilities are not limited to a single or homogeneous cluster. But even before we look at multi-cluster or hybrid deployments, we should understand how to connect different networks together. This chapter will consider two different networks: the cluster in which the service mesh is deployed and where user services are deployed, and anything outside of the cluster.
Figure 4.1. We want to connect networks: clients running outside of our cluster to services running inside our cluster
We will most likely run interesting services and applications inside our cluster. We will most likely have intra-service communication within the cluster and that’s where Istio shines. But what about those clients that are deployed or exist outside of the cluster? In this chapter, we’ll take a look at connecting those clients that live outside the cluster to services running inside the cluster.