Integrating Gateway with Service Mesh¶
This article describes how to integrate the DCE 5.0 cloud-native gateway with a service mesh, allowing access to services within the service mesh through the gateway. This integration enables the use of all traffic management capabilities of the service mesh, such as virtual services and destination rules.
Current Situation¶
Currently, the DCE 5.0 cloud-native gateway uses Contour as the control plane and does not synchronize policies with Istio. When accessing services within the service mesh through the cloud-native gateway, the gateway API directly connects to the services within the mesh. However, without synchronizing Istio's policies, the capabilities of the service mesh, such as virtual services and destination rules, cannot be applied, resulting in a lack of mesh capabilities.
Integration Approach¶
The approach is to allow the cloud-native gateway to access services within the mesh through Istio's sidecar, thereby applying Istio's rules.
Steps¶
-
When creating the cloud-native gateway, enable sidecar injection.
-
Set the annotation
traffic.sidecar.istio.io/includeInboundPorts: ""for the pods.This prevents Istio from processing inbound traffic, reducing performance overhead.
-
Add the
--base-id 10parameter to the Envoy startup parameters to allow two Envoy instances within the same namespace, preventing conflicts.
-
When adding an API under the gateway, set the
Hostrequest header.This allows the gateway to access services in other clusters through the sidecar in a multi-cluster scenario, enabling cross-cluster load balancing.
-
Configure the resources for the gateway sidecar in the service mesh module, ensuring that it is not lower than the default resource configuration of the cloud-native gateway (1 core, 1 GB).
Demonstration¶
After completing the above configurations, access services through the gateway domain. Each request should be directed to a different service in different clusters, indicating that the gateway can access services across clusters.
