Creating an ingress gateway

Instead of using a controller to load balance traffic, Istio uses a gateway. Let's perform the following steps to create an Istio ingress gateway for our example application: 

  1. Review the content of the minio.yaml file in the examples directory in src/chapter7/lb and deploy it using the following command. This will create a StatefulSet and a service where the MinIO port is exposed internally to the cluster via port number 9000. You can also choose to apply the same steps and create an ingress gateway for your own application. In that case, skip to Step 2:
$ kubectl apply -f minio.yaml
  1. Get the ingress IP and ports:
$ export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
$ export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
$ export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
  1. Create a new Istio gateway:
$ cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: minio-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
EOF

  1. Create a new VirtualService to forward requests to the MinIO instance via the gateway. This helps specify routing for the gateway and binds the gateway to the VirtualService:
$ cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: minio
spec:
hosts:
- "*"
gateways:
- minio-gateway.default
http:
- match:
- uri:
prefix: /
route:
- destination:
port:
number: 9000
host: minio
EOF

This configuration will expose your services to external access using Istio, and you will have more control over rules.