Intra-cluster routing
Use the ingress gateway to route incoming requests directly to a Kubernetes service within the same cluster.
For more information, see the following resources:
Before you begin
This guide assumes that you use the same names for components like clusters, workspaces, and namespaces as in the getting started. If you have different names, make sure to update the sample configuration files in this guide.
- Set up Gloo Mesh Gateway in a single cluster.
- Follow the other guides in this routing section to plan your routing table setup. For example, you might check out the path matching guide to decide how to match the incoming requests to your service paths, the redirect guide to set up any path or host rewrites, or the sub-table delegation guide to nest and sort multiple route tables. Note: Be sure that each route for one host is unique, such as by using prefix matching to determine which requests to the host should be forwarded to which destinations.
Configure a basic route table for direct routing to a Kubernetes service
When you apply the Gloo custom resources in this guide to your cluster, Gloo Mesh Gateway automatically checks the configuration against validation rules and value constraints. You can also run a pre-admission validation check by using the meshctl x validate resources command. For more information, see the resource validation overview and the CLI command reference.
If you have not already, create a virtual gateway in the same cluster as your app. This virtual gateway selects the default Istio ingress gateway, which routes incoming traffic (north-south) to your service mesh. For more information about setting up virtual gateways, see the gateway listener guides.
kubectl apply -f- <<EOF apiVersion: networking.gloo.solo.io/v2 kind: VirtualGateway metadata: name: istio-ingressgateway namespace: gloo-mesh spec: workloads: # Matches on 'spec.selector' labels for the ingress gateway service - selector: labels: istio: ingressgateway listeners: # The port the ingress gateway listens on for incoming requests to route - port: number: 80 http: {} EOFEnsure that the app is exposed by a Kubernetes service. In this example, the label
app: single-appis used as the service selector. The service listens on port 3456 and forwards requests to port 9080.apiVersion: v1 kind: Service metadata: labels: app: single-app name: single-app namespace: global spec: ports: - name: http port: 3456 protocol: TCP targetPort: 9080 type: ClusterIPCreate a basic route table to route requests to your app’s service. This resource allows you to define how requests to endpoints should be routed, and is translated to the Istio
VirtualServiceresource. In this example route table, all requests to the/single-apppath are routed to thesingle-appservice.kubectl apply -n global -f- <<EOF apiVersion: networking.gloo.solo.io/v2 kind: RouteTable metadata: name: single-app-routes namespace: global spec: # Applies to any host; can indicate a specific domain hosts: - '*' # Selects the virtual gateway you previously created virtualGateways: - name: istio-ingressgateway namespace: gloo-mesh http: # Route for the single-app service - name: single-app # Prefix matching matchers: - uri: prefix: /single-app # Forwarding directive forwardTo: destinations: # Reference to Kubernetes service in this cluster - ref: name: single-app namespace: global port: number: 9080 kind: SERVICE EOFSave the external address of the ingress gateway.
export INGRESS_GW_ADDRESS=$(kubectl get svc -n istio-system istio-ingressgateway -o jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}") echo $INGRESS_GW_ADDRESSTest the route to your app by curling the ingress gateway address and app path. For example, the following command appends
/single-appfor the sample app.curl http://$INGRESS_GW_ADDRESS/single-app
Next steps
Now that you have basic routes set up, you can explore more advanced networking scenarios.
- Other routing actions: For HTTP routes, you can set up other actions besides forwarding requests. For example, you might check out the prefix matching guide to decide how to match the incoming requests to your service paths, the redirect guide to set up any path or prefix rewrites, or the sub-table delegation guide to nest and sort multiple route tables.
- Additional route settings: Configure additional route settings, such as weighted routing to version subsets or adding and removing headers.
- Policies: For more control over traffic behavior, apply traffic management, security, or resiliency policies to your service or route, such as for outlier detection, failover, fault injection, or keep alive connections.