I'm confused about the practicality of k8s namespaces and istio gateways.
Let's say that I have a cluster that runs the workloads of 3 teams. Each team has a deployment that deploys an API. The API looks like:
https://dev.mydomain.com/APIs/teamName
I want to create a namespace per team, so that all the workloads belonging to a team will end up in their own namespace.
How do I configure the istio gateway?!
For my understanding I need an istio gateway per namespace, but how k8s knows which gateway needs to be used since the host is the same for all of them?
For ensuring all the workloads belong to a team,you can create 3 different namespaces
and deploy each workload in 3 different namespaces.
Let’s say I have created 3 namespaces
:(I Am using GCP console
)
@cloudshell:~ $ kubectl create namespace team-a
namespace/team-a created
@cloudshell:~$ kubectl create namespace team-b
namespace/team-b created
@cloudshell:~$ kubectl create namespace team-c
namespace/team-c created
Deployed the workloads in 3 namespaces
:
So you will be having 3 API’s
, Now create a istio gateway.
Instead of creating a istio gateway you can create 3 virtual services
where a single Istio Gateway
has the host dev.mydomain.com and routes the traffic to different VirtualServices based on the URL path. So try creating a virtual service for each team’s API.
Attaching best practices document for more information.
Edit :
As per this blog by Dave, reference the gateway using a namespace/gateway-name syntax in virtual service