Ingress
Send requests to apps from outside your ambient mesh setup by deploying an ingress gateway.
The options to deploy an ingress gateway vary based on the traffic management API that you want to use. Note that although you can use either the Kubernetes Gateway API or the Istio API, the Kubernetes Gateway API is the recommended method for ambient service meshes. Many Solo Enterprise for Istio guides, such as setting up multicluster peering for a cross-cluster ambient mesh, use the Kubernetes Gateway API only.
Kubernetes Gateway API
To use the Kubernetes Gateway API custom resources to configure traffic management in your service mesh, you can deploy Gateway resources that expose your services. Note that using the Kubernetes Gateway API is the recommended method for ambient service meshes. For more information about using the Gateway API in Istio, see this blog post.
To set up an ingress gateway, you can use Solo Enterprise for kgateway, or use the native Kubernetes Gateway API directly.
Solo Enterprise for kgateway (recommended)
Use Solo Enterprise for kgateway as the ingress gateway for your ambient mesh. Solo Enterprise for kgateway is fully conformant with the Kubernetes Gateway API and extends its functionality with Solo’s custom Gateway APIs, such as RouteOption, VirtualHostOption, Upstreams, RateLimitConfig, or AuthConfig. These resources help to centrally configure routing, security, and resiliency rules for a specific component, such as a host, route, or gateway listener.
To get started, follow the Ingress to ambient mesh guide in the Solo Enterprise for kgateway docs to integrate Solo Enterprise for kgateway with your ambient mesh. This guide includes steps to expose the Bookinfo product page app on the gateway proxy.
Using Solo Enterprise for kgateway as an ingress gateway to a single-cluster ambient mesh setup does not require a Solo Enterprise for kgateway license. However, using Solo Enterprise for kgateway as an ingress gateway to a multicluster ambient mesh requires an Enterprise level license key for both Solo Enterprise for Istio and Solo Enterprise for kgateway.
Native Kubernetes Gateway API
To use the native Kubernetes Gateway API, you can follow the Gateways guide in the community ambient mesh docs.
Istio networking API
To use the classic Istio networking API to configure traffic management in your service mesh, you can deploy an Istio ingress gateway by using Helm.
This method is not recommended for ambient. Some features, such as using destination rules to define subsets, do not work across clusters in a multicluster ambient mesh setup.
To get started with the Istio networking API, deploy an Istio ingress gateway by using Helm, and use the Istio networking API resources, such as Istio Gateways and VirtualServices, to route to apps.
Third-party ingress gateways
If you use a gateway solution in your cluster that is non-native to the Kubernetes Gateway API or the Istio networking API, such as an nginx ingress gateway, you can follow the Integrate third-party Gateway and Ingress controllers guide in the community ambient mesh docs. Note that this integrations cannot be used for cloud load balancers.
Next
- Control in-mesh traffic by creating a waypoint proxy.
- If you haven’t yet, install the Gloo management plane. The management plane inclues the Gloo UI, which allows you to review the Istio insights that were captured for your ambient setup. Solo Enterprise for Istio comes with an insights engine that automatically analyzes your Istio setups for health issues. These issues are displayed in the UI along with recommendations to harden your Istio setups. The insights give you a checklist to address issues that might otherwise be hard to detect across your environment. For more information, see Insights.
- When it’s time to upgrade your ambient mesh, you can perform a safe in-place upgrade by using the Gloo Operator or Helm.