Confused about namespaces and istio gateways
I'm confused about the practicality of k8s namespaces and istio gateways.
Let's say that I have a cluster that runs the workloads of 3 teams. Each team has a deployment that deploys an API. The API looks like:
https://dev.mydomain.com/APIs/teamName
I want to create a namespace per team, so that all the workloads belonging to a team will end up in their own namespace.
How do I configure the istio gateway?!
For my understanding I need an istio gateway per namespace, but how k8s knows which gateway needs to be used since the host is the same for all of them?
For ensuring all the workloads belong to a team,you can create 3 different namespaces and deploy each workload in 3 different namespaces.
Let’s say I have created 3 namespaces:(I Am using GCP console)
@cloudshell:~ $ kubectl create namespace team-a
namespace/team-a created
@cloudshell:~$ kubectl create namespace team-b
namespace/team-b created
@cloudshell:~$ kubectl create namespace team-c
namespace/team-c created
Deployed the workloads in 3 namespaces:
So you will be having 3 API’s, Now create a istio gateway.
Instead of creating a istio gateway you can create 3 virtual services where a single Istio Gateway has the host dev.mydomain.com and routes the traffic to different VirtualServices based on the URL path. So try creating a virtual service for each team’s API.
Attaching best practices document for more information.
Edit :
As per this blog by Dave, reference the gateway using a namespace/gateway-name syntax in virtual service
- Error configuring TLS error: secret xxx does not exist
- Is there an imperative command to create daemonsets in kubernetes?
- Mongo DB deployment not working in kubernetes because processor doesn't have AVX support
- Nginx Ingress Controller - Failed Calling Webhook
- Easily detect deprecated resources on Kubernetes
- How to configure a Kubernetes Multi-Pod Deployment
- Difference between targetPort and port in Kubernetes Service definition
- Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "text/html"
- Can't install Kubernetes on Vagrant
- How do I force Kubernetes to re-pull an image?
- no endpoints available for service \"kubernetes-dashboard\"
- Cannot install kubernetes helm chart Error: cannot re-use a name that is still in use
- helm error "Error: This command needs 2 arguments: release name, chart path"
- Helm --set with > as special Charcater at the end
- kubernetes dashboard (web ui) has nothing to display
- k8s CRD definition: 4 mutually exclusive optional fields
- failed calling webhook "vingress.elbv2.k8s.aws"
- Minikube with ingress example not working
- How to configure a kubernetes bare-metal ingress controller to listen to port 80?
- How to replicate the RuntimeDefault seccompProfile in Kubernetes to run in Docker?
- Add extra custom labels to existing helm chart
- Requirements for installing a Helm chart on a multi-cluster Kubernetes platform
- Can I guarantee the "kubernetes" Service will retain a consistent ClusterIP following cluster creation even if I attempt to modify or recreate it?
- Why should we set -XX:InitialRAMPercentage and -XX:MaxRAMPercentage to the same value for cloud environment?
- BadRequest error on deployment of yaml file
- How to switch kubectl clusters between gcloud and minikube
- How to find master node from worker node in Kubernetes
- Difference between deploying an app in kubernetes cluster and a normal droplet?
- Is "current-context" a mandatory key in a kubeconfig file?
- kubernetes cluster cant intilized