Route within one cluster

Use the ingress gateway to route incoming requests directly to a Kubernetes service within the same cluster.

For more information, see the following resources:

Before you begin

Configure a basic route table for direct routing to a Kubernetes service

  1. In the cluster where you deployed an instance of your app, create a virtual gateway. This virtual gateway selects the default Istio ingress gateway, which routes incoming traffic (north-south) to your service mesh.

    kubectl apply --context $REMOTE_CONTEXT1 -f- <<EOF
    apiVersion: networking.gloo.solo.io/v2
    kind: VirtualGateway
    metadata:
      name: ingress-gateway
      namespace: gloo-mesh
    spec:
      workloads:
        # Selects the istio ingress gateway in workload cluster 1
        - selector:
            labels:
              istio: ingressgateway
            cluster: ${REMOTE_CLUSTER1}
      listeners:
        # The port the ingress gateway listens on for incoming requests to route
        - port:
            number: 80
          http: {}
    EOF
    
  2. Save the external address of the Istio ingress gateway.

    
       export CLUSTER_1_INGRESS_ADDRESS=$(kubectl --context $REMOTE_CONTEXT1 get svc -n istio-system istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
       echo $CLUSTER_1_INGRESS_ADDRESS
       
    
       export CLUSTER_1_INGRESS_ADDRESS=$(kubectl --context $REMOTE_CONTEXT1 get svc -n istio-system istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
       echo $CLUSTER_1_INGRESS_ADDRESS
       

  3. Ensure that the app is exposed by a Kubernetes service. In this example, the label app: single-app is used as the service selector. The service listens on port 3456 and forwards requests to port 9080.

    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: single-app
      name: single-app
      namespace: global
    spec:
      ports:
      - name: http
        port: 3456
        protocol: TCP
        targetPort: 9080
      type: ClusterIP
    
  4. Create a basic route table to route requests to your app's service. This resource allows you to define how requests to endpoints should be routed, and is translated to the Istio VirtualService resource. In this example route table, all requests to the /single-app path are routed to the single-app service.

    kubectl apply --context $REMOTE_CONTEXT1 -n global -f- <<EOF
    apiVersion: networking.gloo.solo.io/v2
    kind: RouteTable
    metadata:
      name: single-app-routes
      namespace: global
    spec:
      # Applies to any host; can indicate a specific domain
      hosts:
        - '*'
      # Selects the virtual gateway you previously created
      virtualGateways:
        - name: ingress-gateway
          namespace: gloo-mesh
          cluster: ${REMOTE_CLUSTER1}
      http:
        # Route for the single-app service
        - name: single-app
          # Prefix matching
          matchers:
          - uri:
              prefix: /single-app
          # Forwarding directive
          forwardTo:
            destinations:
              # Reference to Kubernetes service in this cluster
              - ref:
                  name: single-app
                  namespace: global
                  cluster: ${REMOTE_CLUSTER1}
                port:
                  number: 9080
                kind: SERVICE
    EOF
    
  5. Test the route to your app by curling the ingress gateway address and app path. For example, the following command appends /single-app for the sample app.

    curl http://$CLUSTER_1_INGRESS_ADDRESS/single-app
    

Example route table setup for BookInfo

If you do not have apps in an Istio service mesh to test with routing, you can complete the demo setup to install Gloo Mesh, Istio, and Bookinfo in your cluster. Then, follow Step 3: Expose the ingress gateway in the Multicluster federation and isolation with Bookinfo guide. These steps walk you through creating a virtual gateway and configuring a route table for the BookInfo services in cluster-1, which you can then test access to in your browser.

Next steps