#Deploying Ingress Gateway

#Introduction

The Ingress Gateway deployment enables secure external access to service mesh resources by:

• Providing dedicated entry points for north-south traffic
• Supporting flexible exposure methods (LoadBalancer/NodePort)
• Enabling protocol-specific listener configurations
• Isolating gateway components from control plane

Core value: Safe and scalable ingress traffic management

#Features

• Multi-protocol listener support (HTTP/HTTPS/TCP)
• Shared/Dedicated gateway deployment modes
• Cloud provider LB integration (AWS ELB, MetalLB, etc.)
• NodePort fallback for bare-metal environments

#Gateway Deployment via LoadBalancer

#Step 1: Initiate Deployment

1. Navigate: Service Mesh > Gateway
2. Select target cluster
3. Click Deploy Gateway

#Step 2: Protocol Configuration

ports:
- protocol: HTTPS
  port: 443
- protocol: TCP
  port: 3306

#Step 3: Cloud Integration

For Huawei Cloud ELB:

• Provide ELB ID and type For MetalLB:
• Verify available IPs in Network Management > External Address Pool

#Gateway Deployment via NodePort

#Step 1: Configure NodePort

1. Set Service Type to NodePort
2. Define node ports:

#Step 2: External Proxy Setup

Recommended Architecture:

Client → F5/HAProxy → NodeIP:NodePort → Ingress Gateway

#Verification

1. Access gateway details page

2. Confirm status: Running

3. Validate endpoint connectivity:

   curl -I http://<EXTERNAL-IP>:<PORT>/healthz

#Operational Notes

• Shared gateways are visible to all cluster projects
• Dedicated gateways require project isolation
• TLS termination requires separate certificate configuration
• Avoid port conflicts with existing services