Configure ingress gateways

Learn to use Gloo Mesh Gateway for incoming network traffic, also called “ingress,” “edge,” or “north-south” traffic.

By using Gloo Mesh Gateway for north-south routing, you can use the Gloo Mesh management plane to configure ingress gateways and routes across multiple clusters and service meshes in your environment. This allows you to configure your north-south routing setup alongside your east-west microservice routing, and use the Gloo Mesh observability suite to monitor all traffic flows in your environment.

Before you begin

  1. Make sure that you have a Gloo Mesh Gateway license key, or contact an account representative.
  2. Review the example architectures to decide how to set up your ingress gateways.
  3. Install Gloo Mesh with your gateway license instead of a standard Gloo Mesh Enterprise license. To install Gloo Mesh, you might use one of the following guides.
  4. Save the cluster names and Kubernetes contexts as the following environment variables.
    export MGMT_CLUSTER=mgmt-cluster
    export REMOTE_CLUSTER1=cluster-1
    export REMOTE_CLUSTER2=cluster-2
    export MGMT_CONTEXT=mgmt-cluster
    export REMOTE_CONTEXT1=cluster-1
    export REMOTE_CONTEXT2=cluster-2
    

Install Istio ingress gateway profile

Commonly, the Istio ingress gateway, which is exposed by a Kubernetes load balancer service, is the targeted listener in north-south routing configurations. The Istio ingress gateway operates at the edge of the mesh for incoming (ingress) and outgoing (egress) connections.

  1. Decide on the ingress gateway setup that you want to deploy.
    • Can I use any gateway deployment? You can use a gateway that is based off the Istio image, or the Solo-provided Istio image. However, to unlock advanced Gloo Mesh Gateway features based on custom Envoy extensions, such as XSLT tranformations, you must use the Solo Istio image.
    • Can I see an example? Istio provides example gateway configurations that you can use, or you can use the following Gloo Mesh example ingress-gateway deployment (Istio version 1.13).
    • Do I have to manage the gateway? The example uses an Istio operator plus auto-injection of the Envoy sidecar to simplify lifecycle management. When you need to upgrade the Istio version or configuration, you can update the Istio operator resource. Then, the operator applies the corresponding configuration upgrades to the resources that it manages for you. Because the ingress gateway also uses auto-injection, the operator can upgrade the gateway with a simple restart.
  2. Deploy Istio with the ingress gateway setup that you want to use. Make sure to install the Bookinfo sample app to test your setup. Choose from the following options: