Introduction
Ingress Gateway
The Ingress Gateway serves as the secure entry point for external traffic into the service mesh, providing:
- Centralized traffic management at mesh edge
- Advanced L4/L7 protocol support
- Decoupled traffic routing rules management
- Enhanced observability and security controls
Unlike Kubernetes Ingress, it enables granular traffic routing with service mesh capabilities while maintaining operational flexibility.
Advantages
- Dual-Layer Architecture: Tier1 manages external exposure rules while Tier2 handles service-level routing, preventing rule conflicts between infrastructure and application teams
- Protocol Flexibility: Supports HTTP/HTTPS/TCP traffic with mutual TLS encryption
- Traffic Governance: Enables canary releases and service routing for ingress traffic
- Operational Decoupling: Separates infrastructure routing (Tier1) from business routing (Tier2) management
Scenarios
- Hybrid Cloud Traffic Management: Unified entry point for multi-cloud deployments
- Security-Sensitive Exposures: Enforce WAF policies and rate limiting at edge
- Canary Launch Coordination: Implement phased rollouts combining gateway and service routing
- Multi-Team Environments: DevOps manages Tier1, App teams control Tier2 configurations
Limitations
- Requires Envoy proxy deployment at edge
- Tier1-Tier2 hierarchy needs predefined network topology
- L7 features require HTTP/HTTPS protocol selection
- TLS termination configuration is separate from service policies