Description

In this tutorial, we'll show you how to expose a product page service through a virtual gateway using the powerful combination of Gloo Mesh and Istio. The virtual gateway allows us to consolidate multiple clusters and efficiently manage services across various environments.

First, we create the virtual gateway, which is translated into the corresponding Istio Gateway object by Gloo Mesh. We select the Ingress Gateway of cluster one and configure it to listen on Port 80 for incoming traffic. Keep in mind that you can have a virtual gateway composed of multiple gateways from different clusters if you need to expose the same service in multiple clusters.

Routing delegation is another key feature of the virtual gateway. We demonstrate two approaches: allowing any route table to be attached or defining specific rules for delegating domains to corresponding workspaces. This enables fine-grained control over different paths, catering to the requirements of various teams.

Additionally, we showcase creating a route table in the same Istio gateway's namespace. The Gateway team can attach their route table to the virtual gateway, specifying paths that will be used by different teams. For example, you can delegate specific prefixes, ensuring clear separation of resources.

Next, we demonstrate how the bookinfo team creates a sub-route table with more granularity. They can define matches for '/product page' requests, '/static' resources, or any other paths required to access the product page service.

Gloo Mesh efficiently translates all configurations into corresponding Istio resources, creating the Istio Gateway resource to listen on Port 80, along with the Ingress Gateway, and a virtual service with defined matches.

While we currently access applications through HTTP, we understand that secure communication is crucial. Hence, we proceed to create a self-signed certificate (please note that in production, proper certificates should be used). You can also automate this process using tools like Vault or cert manager.

With the self-signed certificate in place, we update the virtual gateway configuration to listen on HTTPS (Port 443) and enable HTTP-to-HTTPS redirection. This ensures all traffic is secure and redirects users to the HTTPS version even if they try to access the HTTP version.

Join us in this tutorial to master the art of exposing services through virtual gateways with Gloo Mesh and Istio. It's a powerful approach to efficiently manage services in distributed and scalable applications. Don't forget to subscribe to our channel for more exciting tutorials on modern infrastructure technologies!