You can use the Nginx Ingress controller with or without Istio installed. If this is the only gateway to your cluster, Istio will be able to route traffic from service to service, but Istio will not be able to receive traffic from outside the cluster.

To allow Istio to receive external traffic, you need to enable Istio’s gateway, which works as a north-south proxy for external traffic. When you enable the Istio gateway, the result is that your cluster will have two Ingresses.

You will also need to set up a Kubernetes gateway for your services. This Kubernetes resource points to Istio’s implementation of the ingress gateway to the cluster.

You can route traffic into the service mesh with a load balancer or use Istio’s NodePort gateway. This section describes how to set up the NodePort gateway.

For more information on the Istio gateway, refer to the Istio documentation.

Enable an Istio Gateway

  1. From the Cluster Explorer, select Istio from the nav dropdown.
  2. Click Gateways in the side nav bar.
  3. Click Create from Yaml.
  4. Click Create.

Result: The gateway is deployed, and will now route traffic with applied rules

Example Istio Gateway

We add the BookInfo app deployments in services when going through the Workloads example. Next we add an Istio Gateway so that the app is accessible from outside your cluster.

  1. From the Cluster Explorer, select Istio from the nav dropdown.
  2. Click Gateways in the side nav bar.
  3. Click Create from Yaml.
  4. Copy and paste the Gateway yaml provided below.
  5. Click Create.

Then to deploy the VirtualService that provides the traffic routing for the Gateway

  1. Click VirtualService in the side nav bar.
  2. Click Create from Yaml.
  3. Click Create.

Result: You have configured your gateway resource so that Istio can receive traffic from outside the cluster.

Confirm that the resource exists by running:

The result should be something like this:

To get the ingress gateway URL and port,

  1. From the Cluster Explorer, Click on Workloads > Overview.
  2. Scroll down to the istio-system namespace.
  3. Within istio-system, there is a workload named istio-ingressgateway. Under the name of this workload, you should see links, such as .
  4. Click one of those links. This should show you the URL of the ingress gateway in your web browser. Append /productpage to the URL.

Result: You should see the BookInfo app in the web browser.

For help inspecting the Istio controller URL and ports, try the commands the

Troubleshooting

The suggests kubectl commands to inspect the correct ingress host and ingress port for external requests.

You can try the steps in this section to make sure the Kubernetes gateway is configured properly.

  1. From the Cluster Explorer, Click on Workloads > Overview.
  2. Scroll down to the istio-system namespace.
  3. Within istio-system, there is a workload named istio-ingressgateway. Click the name of this workload and go to the Labels and Annotations section. You should see that it has the key and the value ingressgateway. This confirms that the selector in the Gateway resource matches Istio’s default ingress controller.