The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
An Istio ingress gateway allows you to define entry points into the service mesh through which all incoming traffic flows. A ingress gateway allows you to manage access to services from outside the cluster. You can monitor and set route rules for the traffic entering the cluster.
This section contains a simple example to configure the
automatically created ingress gateway to an NGINX web server
application. The example assumes you have a load balancer
available at lb.example.com and is connecting
to the istio-ingressgateway service on
TCP port 31380.
You can get a list of the ports available with the
istio-ingressgateway service using:
$kubectl get svc istio-ingressgateway -n istio-systemNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE istio-ingressgateway LoadBalancer 10.100.106.173 <pending> 15020:30346/TCP,80:31380/TCP, 443:31390/TCP,31400:31400/TCP,15029:30235/TCP,15030:31293/TCP,15031:32585/TCP,15032:30816/TCP, 15443:30328/TCP 2d $kubectl describe svc istio-ingressgateway -n istio-system |grep http2Port: http2 80/TCP NodePort: http2 31380/TCP
The output here shows that the
istio-ingressgateway service is forwarding
requests from port 80 to port
31380.
The load balancer listener is set to listen on
HTTP port 80, which is the
port for the NGINX web server application used in the virtual
service in this example.
To set up an ingress gateway:
Create the deployment file to create the NGINX web server application. Create a file named
my-nginx.yml, containing:apiVersion: apps/v1 kind: Deployment metadata: labels: app: webserver name: my-nginx namespace: my-namespace spec: replicas: 3 selector: matchLabels: app: webserver template: metadata: labels: app: webserver spec: containers: - image: nginx name: my-nginx ports: - containerPort: 80Create a service for the deployment. Create a file named
my-nginx-service.ymlcontaining:apiVersion: v1 kind: Service metadata: labels: app: my-nginx name: webserver namespace: my-namespace spec: ports: - name: http port: 80 protocol: TCP targetPort: 80 selector: app: webserver type: ClusterIPCreate an ingress gateway for the service. Create a file named
my-nginx-gateway.ymlcontaining:apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: my-nginx-gateway namespace: my-namespace spec: selector: istio: ingressgateway servers: - port: number: 80 name: http protocol: HTTP hosts: - "mynginx.example.com"Create a virtual service for the ingress gateway. Create a file named
my-nginx-virtualservice.ymlcontaining:apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: my-nginx-virtualservice namespace: my-namespace spec: hosts: - "mynginx.example.com" gateways: - my-nginx-gateway http: - match: - uri: prefix: / route: - destination: port: number: 80 host: webserverSet up a namespace for the application named
my-namespaceand enable automatic proxy sidecar injection.$
kubectl create namespace my-namespace$kubectl label namespaces my-namespace istio-injection=enabledRun the deployment, service, ingress gateway and virtual service:
$
kubectl apply -f my-nginx.yml$kubectl apply -f my-nginx-service.yml$kubectl apply -f my-nginx-gateway.yml$kubectl apply -f my-nginx-virtualservice.ymlYou can see the ingress gateway is running using:
$
kubectl get gateways.networking.istio.io -n my-namespaceNAME AGE my-nginx-gateway 33sYou can see the virtual service is running using:
$
kubectl get virtualservices.networking.istio.io -n my-namespaceNAME GATEWAYS HOSTS AGE my-nginx-virtualservice [my-nginx-gateway] [mynginx.example.com] 107sTo confirm the ingress gateway is serving the application to the load balancer, use:
$
curl -I -HHost:mynginx.example.com lb.example.com:80/HTTP/1.1 200 OK Date: Fri, 06 Mar 2020 00:39:16 GMT Content-Type: text/html Content-Length: 612 Connection: keep-alive last-modified: Tue, 03 Mar 2020 14:32:47 GMT etag: "5e5e6a8f-264" accept-ranges: bytes x-envoy-upstream-service-time: 15