istio.io icon indicating copy to clipboard operation
istio.io copied to clipboard

Published 20 hours ago verified publisher icon istio

More details about the Manual deployment with the Gateway API?

Open mathieu-benoit opened this issue 2 years ago • 3 comments
trafficstars

In this doc: https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/#manual-deployment, it would be really great to elaborate on the details to make this working:

  • For the Gateway resource, could you clarify the gatewayClassName to use? Is it still istio? Or another one?
  • For the ingress gateway's Service, should it be ClusterIP or LoadBalancer. I'm asking because I don't see how the Gateway will have an IP address assigned otherwise when we do the addresses.type: Hostname?

On a concrete example, I'm with GKE, should I have something like this with 2 Gateways?

istio-gateway   gke-gateway                gke-l7-gxlb   xx.xx.xx.xx                                                 True         27m
istio-gateway   istio-gateway              istio         istio-ingressgateway.istio-gateway.svc.cluster.local:80         Unknown      104s

But then to which one my HTTPRoute should be attached?

mathieu-benoit avatar Oct 14 '23 13:10 mathieu-benoit

So I think I was able to make it working, here's how:

Manually deploy the Istio ingress gateway:

istio-gateway   service/istio-ingressgateway   ClusterIP
istio-gateway   deployment.apps/istio-ingressgateway

Deploy 2 Gateways:

istio-gateway   gke-gateway                gke-l7-gxlb   xx.xx.xx.xx
istio-gateway   istio-gateway              istio         istio-ingressgateway.istio-gateway.svc.cluster.local:80

And then add an HTTPRoute to bind the 2 Gateways:

apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: istio-ingressgateway
  namespace: istio-gateway
spec:
  parentRefs:
  - kind: Gateway
    name: gke-gateway
    namespace: istio-gateway
  rules:
  - backendRefs:
    - kind: Service
      name: istio-ingressgateway
      port: 80

Finally, the Services that we want to add in our Mesh via the Gateway API need to be bound to the istio-gateway Gateway via an HTTPRoute:

cat << EOF | kubectl apply -f -
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: frontend
  namespace: onlineboutique
spec:
  parentRefs:
  - kind: Gateway
    name: istio-gateway
    namespace: gke-gateway
  rules:
  - backendRefs:
    - kind: Service
      name: frontend
      port: 80
EOF

mathieu-benoit avatar Oct 15 '23 19:10 mathieu-benoit

I am trying to do the same, but the documentation is still unclear.

@mathieu-benoit could you please provide the manifests for the Gateway?

dkravetz avatar Jul 18 '24 13:07 dkravetz

Here you are @dkravetz: https://medium.com/p/9d64c7009cd.

mathieu-benoit avatar Jul 18 '24 13:07 mathieu-benoit