Search code examples
kubernetesistioistio-gateway

Istio: single gateway and multiple VirtualServices (each one in a different namespace)

How can I setup a single gateway in Istio 1.9 and multiple VirtualServices (each one in a different namespace). I can't set one gateway to each virtualservice because browsers leverage HTTP/2 connection reuse to produce 404 errors.

If I follow these instructions it won't work because gateway and virtualservice can't be in different namespaces.

These are the manifest files:

APP1:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: app1-gateway
  namespace: app1
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "app1.example.com"
    tls:
      httpsRedirect: true # sends 301 redirect for http requests
  - port:
      number: 443
      name: https-app1
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: sslcertificate
    hosts:
    - "app1.example.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: app1
  namespace: app1
spec:
  hosts:
  - "app1.example.com"
  gateways:
  - app1-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: app1
        port:
          number: 80

APP2:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: app2-gateway
  namespace: app2
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "app2.example.com"
    tls:
      httpsRedirect: true # sends 301 redirect for http requests
  - port:
      number: 443
      name: https-app2
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: sslcertificate
    hosts:
    - "app2.example.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: app2
  namespace: app2
spec:
  hosts:
  - "app2.example.com"
  gateways:
  - app2-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: app2
        port:
          number: 80
Solution

  • To answer your question, because gateway and virtualservice can't be in different namespaces, actually they can be in a different namespaces.

    If it´s not in the same namespace as virtual service you just have to specify that namespace in your virtual service spec.gateways.

    Check the spec.gateways section

    apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo-Mongo
  namespace: bookinfo-namespace
spec:
  gateways:
  - some-config-namespace/my-gateway # can omit the namespace if gateway is in same
                                       namespace as virtual service.

    apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
  namespace: some-config-namespace

    There is related istio documentation about that.