Details
-
Spike
-
Resolution: Done
-
Blocker
-
None
-
None
-
None
-
8
-
False
-
None
-
False
-
OCPSTRAT-416 - Gateway API using Istio for Cluster Ingress (Dev Preview)
-
Sprint 227, Sprint 228
-
0
-
0.0
Description
As a user of Service Mesh, I want to know whether/how I can use a single Istio deployment to manage Envoy, so that I can avoid the overhead of running multiple Istio and Envoy instances and avoid the latency that would result from forwarding traffic from an Envoy for ingress to the Envoy for my mesh.
The outcome of this story is some brief documentation including example yaml definitions to configure OSSM with a Gateway API gateway object, an httproute, and the Istio objects to configure a service mesh, with the result that ingress traffic gets routed into the mesh per the httproute object and gets routed within the mesh per the mesh configuration, all using a single control plane.
Ideally we would have a single Istio control plane for both Istio Gateway API and OSSM, because there is an extra network hop if you have 2 control planes.
To prove if a single Istio control plane is possible, we would need to setup Istio Gateway API as a part of an OSSM service mesh and ensure the following:
- No changes are needed to installation procedures.
- No changes are needed to OpenShift objects, especially namespaces.
- No changes are needed or restrictions apply to Gateway, HTTPRoute, Services, or other GWAPI (or hybrid) objects.
- Anything else?
Terminology:
- control plane: represents APIs like GWAPI, Istio API, and the operator that translates the commands to the data plane.
- data plane: represents components that route traffic to services, e.g. HAProxy or Envoy.
