Expose apps with an ingress gateway
Send requests to apps from outside your ambient mesh setup by deploying an ingress gateway.
The options to deploy an ingress gateway vary based on the traffic management API that you want to use. Note that although you can use either the Kubernetes Gateway API or the Istio API, the Kubernetes Gateway API is the recommended method for ambient service meshes. Many Gloo Mesh guides, such as setting up multicluster peering for a cross-cluster ambient mesh, use the Kubernetes Gateway API only.
Kubernetes Gateway API
To use the Kubernetes Gateway API custom resources to configure traffic management in your service mesh, you can deploy Gateway resources that expose your services. Note that using the Kubernetes Gateway API is the recommended method for ambient service meshes. For more information about using the Gateway API in Istio, see this blog post.
To set up an ingress gateway, you can use Gloo Gateway, or use the native Kubernetes Gateway API directly.
Gloo Gateway (recommended)
Use Gloo Gateway as the ingress gateway for your ambient mesh. Gloo Gateway is fully conformant with the Kubernetes Gateway API and extends its functionality with Solo’s custom Gateway APIs, such as RouteOption, VirtualHostOption, Upstreams, RateLimitConfig, or AuthConfig. These resources help to centrally configure routing, security, and resiliency rules for a specific component, such as a host, route, or gateway listener.
To get started, follow the Ingress to ambient mesh guide in the Gloo Gateway docs to integrate Gloo Gateway with your ambient mesh. This guide includes steps to expose the Bookinfo product page app on the gateway proxy.
Gloo Gateway as an ingress gateway is supported only for single-cluster ambient mesh setups, and cannot currently be used in multicluster ambient meshes.
Native Kubernetes Gateway API
To use the native Kubernetes Gateway API, you can follow the Gateways guide in the community ambient mesh docs.
Istio networking API
To use the classic Istio networking API to configure traffic management in your service mesh, you can deploy an Istio ingress gateway by using Helm.
This method is not recommended for ambient. Some features, such as using destination rules to define subsets, do not work across clusters in a multicluster ambient mesh setup.
To get started with the Istio networking API, deploy an Istio ingress gateway by using Helm, and use the Istio networking API resources, such as Istio Gateways and VirtualServices, to route to apps.
Next
- Control in-mesh traffic by creating a waypoint proxy.
- Launch the Gloo UI to review the Istio insights that were captured for your ambient setup. Gloo Mesh comes with an insights engine that automatically analyzes your Istio setups for health issues. These issues are displayed in the UI along with recommendations to harden your Istio setups. The insights give you a checklist to address issues that might otherwise be hard to detect across your environment. For more information, see Insights.
- When it’s time to upgrade your ambient mesh, you can perform a safe in-place upgrade by using the Gloo operator or Helm.