{"id":57844,"date":"2023-07-30T15:06:11","date_gmt":"2023-07-30T09:36:11","guid":{"rendered":"https:\/\/www.tothenew.com\/blog\/?p=57844"},"modified":"2023-09-06T15:12:25","modified_gmt":"2023-09-06T09:42:25","slug":"istio-as-a-cluster-ip-in-google-kuberentes-engine","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/istio-as-a-cluster-ip-in-google-kuberentes-engine\/","title":{"rendered":"ISTIO as a cluster IP in Google kuberentes Engine"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">By default, when running services on Google Kubernetes Engine (GKE), the preferred method for exposing these services to external traffic is using Ingress. Ingress provides a centralized entry point to the cluster and allows for the routing of external traffic to different services based on defined rules.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, as the number of services and complexity of the system grows, relying solely on Ingress for service exposure can become challenging and less efficient. Each service would require its own Ingress resource, which in turn creates individual load balancers, leading to increased costs and management overhead.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To address these challenges and achieve better scalability and cost-effectiveness, implementing a service mesh such as <\/span><b>Istio<\/b><span style=\"font-weight: 400;\"> becomes essential. It is a service mesh solution that provides a dedicated infrastructure layer that handles the communication between services within the cluster. It enables advanced traffic management, observability, and security features, allowing for better control and management of the services. Istio\u2019s modernized service networking layer implementation provides a transparent and language-independent way to flexibly and easily automate application network functions.<\/span><\/p>\n<h2><strong>Problem Statement\u00a0<\/strong><\/h2>\n<p><b><br \/>\n<\/b><span style=\"font-weight: 400;\">In our scenario, each service running in the GKE cluster is assigned its own load balancer, which proves to be costly. Therefore, we must implement a service mesh to address this issue and achieve a more cost-effective solution.<\/span><b><br \/>\n<\/b><b><br \/>\n<\/b><span style=\"font-weight: 400;\">There is a lack of available information or resources on the internet regarding running an ISTIO service type as a cluster IP.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The only solutions we get on the internet are\u00a0<\/span><\/p>\n<ul>\n<li><b>Service type as Network load balancer: Istio <\/b><span style=\"font-weight: 400;\">default profile gives service type as load balancer which works on layer 4 (Network layer). So we can\u2019t attach SSL directly in GCP. It&#8217;s difficult to manage a Load balancer.<\/span><\/li>\n<\/ul>\n<ul>\n<li><b>Service type as Nodeport:<\/b><span style=\"font-weight: 400;\"> Another way was to implement Istio with a service type as Nodeport. But it has a few limitations.<\/span><\/li>\n<\/ul>\n<ul>\n<li><span style=\"font-weight: 400;\">You need to track which nodes have pods with exposed ports.<\/span><\/li>\n<\/ul>\n<ul>\n<li><span style=\"font-weight: 400;\">It only exposes one service per port<\/span><\/li>\n<\/ul>\n<ul>\n<li><span style=\"font-weight: 400;\">The ports available to NodePort are in the 30,000 to 32,767 range.<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\"><br \/>\n<\/span><strong>Solution<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">This blog talks about the solution through which one can launch the<\/span><b> Istio service type as cluster<\/b> <b>ip,<\/b><span style=\"font-weight: 400;\"> which is a much more secure way of implementing the action-service mess on GKE cluster<\/span><\/p>\n<h3><strong>Installation<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">Choose the type that best suits your needs and platform.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><a href=\"https:\/\/istio.io\/latest\/docs\/setup\/install\/istioctl\/\"><span style=\"font-weight: 400;\">Install with Istioctl<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><a href=\"https:\/\/istio.io\/latest\/docs\/setup\/install\/helm\/\"><span style=\"font-weight: 400;\">Install with Helm<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\"><a href=\"https:\/\/istio.io\/latest\/docs\/setup\/install\/virtual-machine\/\"><span style=\"font-weight: 400;\">Virtual Machine Installation<\/span><\/a><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In our case we use istioctl to install Istio in the GKE cluster.<\/span><\/p>\n<pre><span style=\"font-weight: 400;\">$ curl -L https:\/\/istio.io\/downloadIstio | sh -<\/span>\r\n<span style=\"font-weight: 400;\">$ cd istio-1.17.1<\/span>\r\n<span style=\"font-weight: 400;\">$ export PATH=$PWD\/bin:$PATH<\/span>\r\n<span style=\"font-weight: 400;\">$ istioctl install --set profile=Default -y\u00a0<\/span><\/pre>\n<p><span style=\"font-weight: 400;\">Istio offers several <\/span><b>configuration profiles<\/b><span style=\"font-weight: 400;\">. These profiles provide pre-canned customizations of the Istio control plane and the sidecars for the Istio data plane. You can start with one of Istio\u2019s built-in configuration profiles and then tailor the configuration to your specific needs. There are five built-in profiles; To check more profiles, click on the <\/span><span style=\"font-weight: 400;\">Link=<\/span><a href=\"https:\/\/istio.io\/latest\/docs\/setup\/install\/istioctl\/#display-the-list-of-available-profiles\"><span style=\"font-weight: 400;\">Click Here<\/span><\/a><\/p>\n<p><span style=\"font-weight: 400;\">As this blog talks about the implementation we had in our project, we will go ahead with the Default profile.<\/span><\/p>\n<h3><strong>Configuration<\/strong><\/h3>\n<p><b>Configuration file as below :-<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">-&gt; Default.yaml<\/span><\/p>\n<pre class=\"code highlight\"><strong><em><span id=\"LC1\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">install.istio.io\/v1alpha1<\/span><\/span>\r\n<span id=\"LC2\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">IstioOperator<\/span><\/span>\r\n<span id=\"LC3\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">metadata:<\/span><\/span>\r\n<span id=\"LC4\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">namespace:<\/span> <span class=\"hljs-string\">istio-system<\/span><\/span>\r\n<span id=\"LC5\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">spec:<\/span><\/span>\r\n<span id=\"LC6\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">hub:<\/span> <span class=\"hljs-string\">docker.io\/istio<\/span><\/span>\r\n<span id=\"LC7\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">tag:<\/span> <span class=\"hljs-number\">1.15<\/span><span class=\"hljs-number\">.2<\/span><\/span>\r\n<span id=\"LC8\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><\/span>\r\n<span id=\"LC9\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">meshConfig:<\/span><\/span>\r\n<span id=\"LC10\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">defaultConfig:<\/span><\/span>\r\n<span id=\"LC11\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">proxyMetadata:<\/span> <span class=\"\">{<\/span><span class=\"\">}<\/span><\/span>\r\n<span id=\"LC12\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">enablePrometheusMerge:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC13\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">accessLogFile:<\/span> <span class=\"hljs-string\">\/dev\/stdout<\/span><\/span>\r\n<span id=\"LC14\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">extensionProviders:<\/span><\/span>\r\n<span id=\"LC15\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">otel<\/span><\/span>\r\n<span id=\"LC16\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">envoyOtelAls:<\/span><\/span>\r\n<span id=\"LC17\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">service:<\/span> <span class=\"hljs-string\">opentelemetry-collector.istio-system.svc.cluster.local<\/span><\/span>\r\n<span id=\"LC18\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">port:<\/span> <span class=\"hljs-number\">4317<\/span><\/span>\r\n<span id=\"LC19\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><\/span>\r\n<span id=\"LC20\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-comment\"># Traffic management feature<\/span><\/span>\r\n<span id=\"LC21\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">components:<\/span><\/span>\r\n<span id=\"LC22\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">base:<\/span><\/span>\r\n<span id=\"LC23\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">enabled:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC24\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">pilot:<\/span><\/span>\r\n<span id=\"LC25\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">enabled:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC26\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">k8s:<\/span><\/span>\r\n<span id=\"LC27\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">env:<\/span><\/span>\r\n<span id=\"LC28\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">PILOT_TRACE_SAMPLING<\/span><\/span>\r\n<span id=\"LC29\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">value:<\/span> <span class=\"hljs-string\">\"100\"<\/span><\/span>\r\n<span id=\"LC30\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">resources:<\/span><\/span>\r\n<span id=\"LC31\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">requests:<\/span><\/span>\r\n<span id=\"LC32\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">cpu:<\/span> <span class=\"hljs-string\">1000m<\/span><\/span>\r\n<span id=\"LC33\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">memory:<\/span> <span class=\"hljs-string\">4096Mi<\/span><\/span>\r\n<span id=\"LC34\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><\/span>\r\n<span id=\"LC35\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-comment\"># Istio Gateway feature<\/span><\/span>\r\n<span id=\"LC36\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">ingressGateways:<\/span><\/span>\r\n<span id=\"LC37\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">istio-ingressgateway<\/span><\/span>\r\n<span id=\"LC38\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">enabled:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC39\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">label:<\/span><\/span>\r\n<span id=\"LC40\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">app:<\/span> <span class=\"hljs-string\">istio-ingressgateway<\/span><\/span>\r\n<span id=\"LC41\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">istio:<\/span> <span class=\"hljs-string\">ingressgateway<\/span><\/span>\r\n<span id=\"LC42\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">k8s:<\/span><\/span>\r\n<span id=\"LC43\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">resources:<\/span><\/span>\r\n<span id=\"LC44\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">requests:<\/span><\/span>\r\n<span id=\"LC45\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">cpu:<\/span> <span class=\"hljs-string\">100m<\/span><\/span>\r\n<span id=\"LC46\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">memory:<\/span> <span class=\"hljs-string\">400Mi<\/span><\/span>\r\n<span id=\"LC47\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">service:<\/span><\/span>\r\n<span id=\"LC48\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">type:<\/span> <span class=\"hljs-string\">ClusterIP<\/span><\/span>\r\n<span id=\"LC49\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">ports:<\/span><\/span>\r\n<span id=\"LC50\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-comment\">## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces.<\/span><\/span>\r\n<span id=\"LC51\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-comment\"># Note that AWS ELB will by default perform health checks on the first port<\/span><\/span>\r\n<span id=\"LC52\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-comment\"># on this list. Setting this to the health check port will ensure that health<\/span><\/span>\r\n<span id=\"LC53\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-comment\"># checks always work. https:\/\/github.com\/istio\/istio\/issues\/12503<\/span><\/span>\r\n<span id=\"LC54\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">port:<\/span> <span class=\"hljs-number\">15021<\/span><\/span>\r\n<span id=\"LC55\" class=\"line\" lang=\"yaml\" data-testid=\"content\">              <span class=\"hljs-attr\">targetPort:<\/span> <span class=\"hljs-number\">15021<\/span><\/span>\r\n<span id=\"LC56\" class=\"line\" lang=\"yaml\" data-testid=\"content\">              <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">status-port<\/span><\/span>\r\n<span id=\"LC57\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">port:<\/span> <span class=\"hljs-number\">80<\/span><\/span>\r\n<span id=\"LC58\" class=\"line\" lang=\"yaml\" data-testid=\"content\">              <span class=\"hljs-attr\">targetPort:<\/span> <span class=\"hljs-number\">8080<\/span><\/span>\r\n<span id=\"LC59\" class=\"line\" lang=\"yaml\" data-testid=\"content\">              <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">http2<\/span><\/span>\r\n<span id=\"LC60\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">port:<\/span> <span class=\"hljs-number\">443<\/span><\/span>\r\n<span id=\"LC61\" class=\"line\" lang=\"yaml\" data-testid=\"content\">              <span class=\"hljs-attr\">targetPort:<\/span> <span class=\"hljs-number\">8443<\/span><\/span>\r\n<span id=\"LC62\" class=\"line\" lang=\"yaml\" data-testid=\"content\">              <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">https<\/span><\/span>\r\n<span id=\"LC63\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">port:<\/span> <span class=\"hljs-number\">31400<\/span><\/span>\r\n<span id=\"LC64\" class=\"line\" lang=\"yaml\" data-testid=\"content\">              <span class=\"hljs-attr\">targetPort:<\/span> <span class=\"hljs-number\">31400<\/span><\/span>\r\n<span id=\"LC65\" class=\"line\" lang=\"yaml\" data-testid=\"content\">              <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">tcp<\/span><\/span>\r\n<span id=\"LC66\" class=\"line\" lang=\"yaml\" data-testid=\"content\">              <span class=\"hljs-comment\"># This is the port where sni routing happens<\/span><\/span>\r\n<span id=\"LC67\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">port:<\/span> <span class=\"hljs-number\">15443<\/span><\/span>\r\n<span id=\"LC68\" class=\"line\" lang=\"yaml\" data-testid=\"content\">              <span class=\"hljs-attr\">targetPort:<\/span> <span class=\"hljs-number\">15443<\/span><\/span>\r\n<span id=\"LC69\" class=\"line\" lang=\"yaml\" data-testid=\"content\">              <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">tls<\/span><\/span>\r\n<span id=\"LC70\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">serviceAnnotations:<\/span><\/span>\r\n<span id=\"LC71\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">cloud.google.com\/backend-config:<\/span> <span class=\"hljs-string\">'{\"default\": \"ingress\"}'<\/span><\/span>\r\n<span id=\"LC72\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">cloud.google.com\/neg:<\/span> <span class=\"hljs-string\">'{\"ingress\": true}'<\/span><\/span>\r\n<span id=\"LC73\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><\/span>\r\n<span id=\"LC74\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">egressGateways:<\/span><\/span>\r\n<span id=\"LC75\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">istio-egressgateway<\/span><\/span>\r\n<span id=\"LC76\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">enabled:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC77\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">k8s:<\/span><\/span>\r\n<span id=\"LC78\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">resources:<\/span><\/span>\r\n<span id=\"LC79\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">requests:<\/span><\/span>\r\n<span id=\"LC80\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">cpu:<\/span> <span class=\"hljs-string\">100m<\/span><\/span>\r\n<span id=\"LC81\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">memory:<\/span> <span class=\"hljs-string\">400Mi<\/span><\/span>\r\n<span id=\"LC82\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><\/span>\r\n<span id=\"LC83\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-comment\"># Istio CNI feature<\/span><\/span>\r\n<span id=\"LC84\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">cni:<\/span><\/span>\r\n<span id=\"LC85\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">enabled:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC86\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <\/span>\r\n<span id=\"LC87\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-comment\"># Remote and config cluster configuration for an external istiod<\/span><\/span>\r\n<span id=\"LC88\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">istiodRemote:<\/span><\/span>\r\n<span id=\"LC89\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">enabled:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC90\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><\/span>\r\n<span id=\"LC91\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-comment\"># Global values passed through to helm global.yaml.<\/span><\/span>\r\n<span id=\"LC92\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-comment\"># Please keep this in sync with manifests\/charts\/global.yaml<\/span><\/span>\r\n<span id=\"LC93\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">values:<\/span><\/span>\r\n<span id=\"LC94\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">defaultRevision:<\/span> <span class=\"hljs-string\">\"\"<\/span><\/span>\r\n<span id=\"LC95\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">global:<\/span><\/span>\r\n<span id=\"LC96\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">istioNamespace:<\/span> <span class=\"hljs-string\">istio-system<\/span><\/span>\r\n<span id=\"LC97\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">istiod:<\/span><\/span>\r\n<span id=\"LC98\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">enableAnalysis:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC99\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">logging:<\/span><\/span>\r\n<span id=\"LC100\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">level:<\/span> <span class=\"hljs-string\">\"default:info\"<\/span><\/span>\r\n<span id=\"LC101\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">logAsJson:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC102\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">pilotCertProvider:<\/span> <span class=\"hljs-string\">istiod<\/span><\/span>\r\n<span id=\"LC103\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">jwtPolicy:<\/span> <span class=\"hljs-string\">third-party-jwt<\/span><\/span>\r\n<span id=\"LC104\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">proxy:<\/span><\/span>\r\n<span id=\"LC105\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">image:<\/span> <span class=\"hljs-string\">proxyv2<\/span><\/span>\r\n<span id=\"LC106\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">clusterDomain:<\/span> <span class=\"hljs-string\">\"cluster.local\"<\/span><\/span>\r\n<span id=\"LC107\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">resources:<\/span><\/span>\r\n<span id=\"LC108\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">requests:<\/span><\/span>\r\n<span id=\"LC109\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">cpu:<\/span> <span class=\"hljs-string\">100m<\/span><\/span>\r\n<span id=\"LC110\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">memory:<\/span> <span class=\"hljs-string\">128Mi<\/span><\/span>\r\n<span id=\"LC111\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">limits:<\/span><\/span>\r\n<span id=\"LC112\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">cpu:<\/span> <span class=\"hljs-string\">2000m<\/span><\/span>\r\n<span id=\"LC113\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">memory:<\/span> <span class=\"hljs-string\">1024Mi<\/span><\/span>\r\n<span id=\"LC114\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">logLevel:<\/span> <span class=\"hljs-string\">warning<\/span><\/span>\r\n<span id=\"LC115\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">componentLogLevel:<\/span> <span class=\"hljs-string\">\"misc:error\"<\/span><\/span>\r\n<span id=\"LC116\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">privileged:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC117\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">enableCoreDump:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC118\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">statusPort:<\/span> <span class=\"hljs-number\">15020<\/span><\/span>\r\n<span id=\"LC119\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">readinessInitialDelaySeconds:<\/span> <span class=\"hljs-number\">1<\/span><\/span>\r\n<span id=\"LC120\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">readinessPeriodSeconds:<\/span> <span class=\"hljs-number\">2<\/span><\/span>\r\n<span id=\"LC121\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">readinessFailureThreshold:<\/span> <span class=\"hljs-number\">30<\/span><\/span>\r\n<span id=\"LC122\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">includeIPRanges:<\/span> <span class=\"hljs-string\">\"*\"<\/span><\/span>\r\n<span id=\"LC123\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">excludeIPRanges:<\/span> <span class=\"hljs-string\">\"\"<\/span><\/span>\r\n<span id=\"LC124\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">excludeOutboundPorts:<\/span> <span class=\"hljs-string\">\"\"<\/span><\/span>\r\n<span id=\"LC125\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">excludeInboundPorts:<\/span> <span class=\"hljs-string\">\"\"<\/span><\/span>\r\n<span id=\"LC126\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">autoInject:<\/span> <span class=\"hljs-string\">enabled<\/span><\/span>\r\n<span id=\"LC127\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">tracer:<\/span> <span class=\"hljs-string\">\"datadog\"<\/span> <span class=\"hljs-comment\">#\"zipkin\"<\/span><\/span>\r\n<span id=\"LC128\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">proxy_init:<\/span><\/span>\r\n<span id=\"LC129\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">image:<\/span> <span class=\"hljs-string\">proxyv2<\/span><\/span>\r\n<span id=\"LC130\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">resources:<\/span><\/span>\r\n<span id=\"LC131\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">limits:<\/span><\/span>\r\n<span id=\"LC132\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">cpu:<\/span> <span class=\"hljs-string\">2000m<\/span><\/span>\r\n<span id=\"LC133\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">memory:<\/span> <span class=\"hljs-string\">1024Mi<\/span><\/span>\r\n<span id=\"LC134\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">requests:<\/span><\/span>\r\n<span id=\"LC135\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">cpu:<\/span> <span class=\"hljs-string\">10m<\/span><\/span>\r\n<span id=\"LC136\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">memory:<\/span> <span class=\"hljs-string\">10Mi<\/span><\/span>\r\n<span id=\"LC137\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-comment\"># Specify image pull policy if default behavior isn't desired.<\/span><\/span>\r\n<span id=\"LC138\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-comment\"># Default behavior: latest images will be Always else IfNotPresent.<\/span><\/span>\r\n<span id=\"LC139\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">imagePullPolicy:<\/span> <span class=\"hljs-string\">\"\"<\/span><\/span>\r\n<span id=\"LC140\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">operatorManageWebhooks:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC141\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">tracer:<\/span><\/span>\r\n<span id=\"LC142\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">datadog:<\/span> <span class=\"\">{<\/span><span class=\"\">}<\/span><\/span>\r\n<span id=\"LC143\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">stackdriver:<\/span> <span class=\"\">{<\/span><span class=\"\">}<\/span><\/span>\r\n<span id=\"LC144\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">imagePullSecrets:<\/span> <span class=\"\">[<\/span><span class=\"\">]<\/span><\/span>\r\n<span id=\"LC145\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">oneNamespace:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC146\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">defaultNodeSelector:<\/span> <span class=\"\">{<\/span><span class=\"\">}<\/span><\/span>\r\n<span id=\"LC147\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">configValidation:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC148\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">multiCluster:<\/span><\/span>\r\n<span id=\"LC149\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">enabled:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC150\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">clusterName:<\/span> <span class=\"hljs-string\">\"\"<\/span><\/span>\r\n<span id=\"LC151\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">omitSidecarInjectorConfigMap:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC152\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">network:<\/span> <span class=\"hljs-string\">\"\"<\/span><\/span>\r\n<span id=\"LC153\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">defaultResources:<\/span><\/span>\r\n<span id=\"LC154\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">requests:<\/span><\/span>\r\n<span id=\"LC155\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">cpu:<\/span> <span class=\"hljs-string\">10m<\/span><\/span>\r\n<span id=\"LC156\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">defaultPodDisruptionBudget:<\/span><\/span>\r\n<span id=\"LC157\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">enabled:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC158\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">priorityClassName:<\/span> <span class=\"hljs-string\">\"\"<\/span><\/span>\r\n<span id=\"LC159\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">useMCP:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC160\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">sds:<\/span><\/span>\r\n<span id=\"LC161\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">token:<\/span><\/span>\r\n<span id=\"LC162\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">aud:<\/span> <span class=\"hljs-string\">istio-ca<\/span><\/span>\r\n<span id=\"LC163\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">sts:<\/span><\/span>\r\n<span id=\"LC164\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">servicePort:<\/span> <span class=\"hljs-number\">0<\/span><\/span>\r\n<span id=\"LC165\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">meshNetworks:<\/span> <span class=\"\">{<\/span><span class=\"\">}<\/span><\/span>\r\n<span id=\"LC166\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">mountMtlsCerts:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC167\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">base:<\/span><\/span>\r\n<span id=\"LC168\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">enableCRDTemplates:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC169\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">validationURL:<\/span> <span class=\"hljs-string\">\"\"<\/span><\/span>\r\n<span id=\"LC170\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">pilot:<\/span><\/span>\r\n<span id=\"LC171\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">autoscaleEnabled:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC172\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">autoscaleMin:<\/span> <span class=\"hljs-number\">1<\/span><\/span>\r\n<span id=\"LC173\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">autoscaleMax:<\/span> <span class=\"hljs-number\">5<\/span><\/span>\r\n<span id=\"LC174\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">replicaCount:<\/span> <span class=\"hljs-number\">1<\/span><\/span>\r\n<span id=\"LC175\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">image:<\/span> <span class=\"hljs-string\">pilot<\/span><\/span>\r\n<span id=\"LC176\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">traceSampling:<\/span> <span class=\"hljs-number\">100.0<\/span><\/span>\r\n<span id=\"LC177\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">env:<\/span> <span class=\"\">{<\/span><span class=\"\">}<\/span><\/span>\r\n<span id=\"LC178\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">cpu:<\/span><\/span>\r\n<span id=\"LC179\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">targetAverageUtilization:<\/span> <span class=\"hljs-number\">80<\/span><\/span>\r\n<span id=\"LC180\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">nodeSelector:<\/span> <span class=\"\">{<\/span><span class=\"\">}<\/span><\/span>\r\n<span id=\"LC181\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">keepaliveMaxServerConnectionAge:<\/span> <span class=\"hljs-string\">30m<\/span><\/span>\r\n<span id=\"LC182\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">enableProtocolSniffingForOutbound:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC183\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">enableProtocolSniffingForInbound:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC184\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">deploymentLabels:<\/span><\/span>\r\n<span id=\"LC185\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">podLabels:<\/span> <span class=\"\">{<\/span><span class=\"\">}<\/span><\/span>\r\n<span id=\"LC186\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">configMap:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC187\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><\/span>\r\n<span id=\"LC188\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">telemetry:<\/span><\/span>\r\n<span id=\"LC189\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">enabled:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC190\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">v2:<\/span><\/span>\r\n<span id=\"LC191\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">enabled:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC192\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">metadataExchange:<\/span><\/span>\r\n<span id=\"LC193\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">wasmEnabled:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC194\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">prometheus:<\/span><\/span>\r\n<span id=\"LC195\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">wasmEnabled:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC196\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">enabled:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC197\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">stackdriver:<\/span><\/span>\r\n<span id=\"LC198\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">enabled:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC199\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">logging:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC200\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">monitoring:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC201\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">topology:<\/span> <span class=\"hljs-literal\">false<\/span><\/span>\r\n<span id=\"LC202\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">configOverride:<\/span> <span class=\"\">{<\/span><span class=\"\">}<\/span><\/span>\r\n<span id=\"LC203\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><\/span>\r\n<span id=\"LC204\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">istiodRemote:<\/span><\/span>\r\n<span id=\"LC205\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">injectionURL:<\/span> <span class=\"hljs-string\">\"\"<\/span><\/span>\r\n<span id=\"LC206\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <\/span>\r\n<span id=\"LC207\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">gateways:<\/span><\/span>\r\n<span id=\"LC208\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">istio-egressgateway:<\/span><\/span>\r\n<span id=\"LC209\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">env:<\/span> <span class=\"\">{<\/span><span class=\"\">}<\/span><\/span>\r\n<span id=\"LC210\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">autoscaleEnabled:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC211\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">type:<\/span> <span class=\"hljs-string\">ClusterIP<\/span><\/span>\r\n<span id=\"LC212\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">istio-egressgateway<\/span><\/span>\r\n<span id=\"LC213\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">secretVolumes:<\/span><\/span>\r\n<span id=\"LC214\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">egressgateway-certs<\/span><\/span>\r\n<span id=\"LC215\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">secretName:<\/span> <span class=\"hljs-string\">istio-egressgateway-certs<\/span><\/span>\r\n<span id=\"LC216\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">mountPath:<\/span> <span class=\"hljs-string\">\/etc\/istio\/egressgateway-certs<\/span><\/span>\r\n<span id=\"LC217\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">egressgateway-ca-certs<\/span><\/span>\r\n<span id=\"LC218\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">secretName:<\/span> <span class=\"hljs-string\">istio-egressgateway-ca-certs<\/span><\/span>\r\n<span id=\"LC219\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">mountPath:<\/span> <span class=\"hljs-string\">\/etc\/istio\/egressgateway-ca-certs<\/span><\/span>\r\n<span id=\"LC220\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><\/span>\r\n<span id=\"LC221\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">istio-ingressgateway:<\/span><\/span>\r\n<span id=\"LC222\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">autoscaleEnabled:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC223\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">type:<\/span> <span class=\"hljs-string\">ClusterIP<\/span><\/span>\r\n<span id=\"LC224\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">istio-ingressgateway<\/span><\/span>\r\n<span id=\"LC225\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">env:<\/span> <span class=\"\">{<\/span><span class=\"\">}<\/span><\/span>\r\n<span id=\"LC226\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">secretVolumes:<\/span><\/span>\r\n<span id=\"LC227\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">ingressgateway-certs<\/span><\/span>\r\n<span id=\"LC228\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">secretName:<\/span> <span class=\"hljs-string\">istio-ingressgateway-certs<\/span><\/span>\r\n<span id=\"LC229\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">mountPath:<\/span> <span class=\"hljs-string\">\/etc\/istio\/ingressgateway-certs<\/span><\/span>\r\n<span id=\"LC230\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">ingressgateway-ca-certs<\/span><\/span>\r\n<span id=\"LC231\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">secretName:<\/span> <span class=\"hljs-string\">istio-ingressgateway-ca-certs<\/span><\/span>\r\n<span id=\"LC232\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">mountPath:<\/span> <span class=\"hljs-string\">\/etc\/istio\/ingressgateway-ca-certs<\/span><\/span><\/em><\/strong>\r\n<span id=\"LC233\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><\/span><\/pre>\n<p><strong>Enabling sidecar injection<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">Istio will automatically inject sidecar containers into application pods launched in any namespace labeled with is-injection=enabled.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">So, we will label the namespace where the application is running to attach the sidecar, which is an envoy proxy sidecar.\u00a0<\/span><\/p>\n<pre><span style=\"font-weight: 400;\">$ kubectl label namespace default istio-injection=enabled<\/span><\/pre>\n<h3><strong>Gateways<\/strong><\/h3>\n<p><span style=\"font-weight: 400;\">A <\/span><b>gateway<\/b><span style=\"font-weight: 400;\"> controls the flow of traffic into and out of the service mesh. Behind the scenes, a gateway is an Envoy proxy instance deployed in a standalone configuration (not attached to an application container) at the notional boundary of the data plane.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Use cases for gateways revolve around the management of inbound traffic.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Gateways act similarly to regular Kubernetes ingress resources, but istio-ingress gateway has more features to route traffic with proper traffic management inside the mesh.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Gateway with the below configuration:&#8211;\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">-&gt; Istio-ingress-gateway.yaml<\/span><\/p>\n<pre class=\"code highlight\"><strong><span id=\"LC1\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">networking.istio.io\/v1alpha3<\/span><\/span>\r\n<span id=\"LC2\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">Gateway<\/span><\/span>\r\n<span id=\"LC3\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">metadata:<\/span>    <\/span>\r\n<span id=\"LC4\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">name:<\/span> Example<span class=\"hljs-string\">-gateway<\/span> <span class=\"hljs-comment\">#subjected to cluster<\/span><\/span>\r\n<span id=\"LC5\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">namespace:<\/span> <span class=\"hljs-string\">istio-system<\/span><\/span>\r\n<span id=\"LC6\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">spec:<\/span><\/span>\r\n<span id=\"LC7\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">selector:<\/span><\/span>\r\n<span id=\"LC8\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">istio:<\/span> <span class=\"hljs-string\">ingressgateway<\/span> <span class=\"hljs-comment\"># use istio default controller<\/span><\/span>\r\n<span id=\"LC9\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">servers:<\/span><\/span>\r\n<span id=\"LC10\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">hosts:<\/span><\/span>\r\n<span id=\"LC11\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-string\">\"*\"<\/span> <span class=\"hljs-comment\">#subjected to change<\/span><\/span>\r\n<span id=\"LC12\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">port:<\/span><\/span>\r\n<span id=\"LC13\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">number:<\/span> <span class=\"hljs-number\">80<\/span><\/span>\r\n<span id=\"LC14\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">http<\/span><\/span>\r\n<span id=\"LC15\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">protocol:<\/span> <span class=\"hljs-string\">HTTP<\/span><\/span>\r\n<span id=\"LC16\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">tls:<\/span><\/span>\r\n<span id=\"LC17\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">httpsRedirect:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<\/strong><\/pre>\n<p><span style=\"font-weight: 400;\"><br \/>\nGateway is configured for incoming traffic to service mesh or into the cluster.<\/span><span style=\"font-weight: 400;\">Even if the ingress gateway is set up it is still unreachable from the internet. We will now connect the GCLB for reachable from the internet.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The load balancer offers a couple of great features that can be useful to serve the traffic that is as follows:-<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u25cf\u00a0 Anycast IP<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u25cf\u00a0 Container-native LB \/ Network Endpoint Group<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u25cf\u00a0 Prevent DDOS attacks because it is cloud-managed.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Now, we will set up GCLB in front of the istio-ingress gateway.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">First, we will need a standard Kubernetes ingress resource and two other resources: the FrontendConfig and the BackendConfig. <\/span><span style=\"font-weight: 400;\">We will set the GCLB\u2019s health-check configuration thanks to the BackendConfig.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">-&gt;\u00a0 Backend.yaml<\/span><\/p>\n<p>&nbsp;<\/p>\n<pre class=\"code highlight\"><strong><span id=\"LC1\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">cloud.google.com\/v1<\/span><\/span>\r\n<span id=\"LC2\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">BackendConfig<\/span><\/span>\r\n<span id=\"LC3\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">metadata:<\/span><\/span>\r\n<span id=\"LC4\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">ingress<\/span><\/span>\r\n<span id=\"LC5\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">namespace:<\/span> <span class=\"hljs-string\">istio-system<\/span><\/span>\r\n<span id=\"LC6\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">spec:<\/span><\/span>\r\n<span id=\"LC7\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">timeoutSec:<\/span> <span class=\"hljs-number\">120<\/span><\/span>\r\n<span id=\"LC8\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">healthCheck:<\/span><\/span>\r\n<span id=\"LC9\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">checkIntervalSec:<\/span> <span class=\"hljs-number\">10<\/span><\/span>\r\n<span id=\"LC10\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">timeoutSec:<\/span> <span class=\"hljs-number\">2<\/span><\/span>\r\n<span id=\"LC11\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">port:<\/span> <span class=\"hljs-number\">15021<\/span><\/span>\r\n<span id=\"LC12\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">type:<\/span> <span class=\"hljs-string\">HTTP<\/span><\/span>\r\n<span id=\"LC13\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">requestPath:<\/span> <span class=\"hljs-string\">\/healthz\/ready<\/span><\/span>\r\n<\/strong><\/pre>\n<p><span style=\"font-weight: 400;\">The FrontendConfig will then be used to do HTTPS redirection directly at the GCLB level.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">-&gt; Frontend.yaml<br \/>\n<\/span><\/p>\n<pre class=\"code highlight\"><strong><span id=\"LC1\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">networking.gke.io\/v1beta1<\/span><\/span>\r\n<span id=\"LC2\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">FrontendConfig<\/span><\/span>\r\n<span id=\"LC3\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">metadata:<\/span><\/span>\r\n<span id=\"LC4\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">http-redirect<\/span><\/span>\r\n<span id=\"LC5\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">namespace:<\/span> <span class=\"hljs-string\">istio-system<\/span><\/span>\r\n<span id=\"LC6\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">spec:<\/span><\/span>\r\n<span id=\"LC7\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">redirectToHttps:<\/span><\/span>\r\n<span id=\"LC8\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">enabled:<\/span> <span class=\"hljs-literal\">true<\/span><\/span>\r\n<span id=\"LC9\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">responseCodeName:<\/span> <span class=\"hljs-string\">PERMANENT_REDIRECT<\/span><\/span>\r\n<\/strong><\/pre>\n<p><span style=\"font-weight: 400;\">Before that, we needed to do the redirection on the ingress gateway, and that was not ideal for our users and the infrastructure, having back-and-forth non-added-value traffic. <\/span><span style=\"font-weight: 400;\">We usually promote managing redirections on the top of our architecture, avoiding the HTTP request going all the way down to the ingress gateway to be redirected to HTTPS.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Both resources will be referenced via annotations: in the ingress resource for the FrontendConfig, and the backend service for the BackendConfig.<\/span><\/p>\n<pre><span style=\"font-weight: 400;\"># in the ingress gateway Service resource<\/span>\r\n<span style=\"font-weight: 400;\">cloud.google.com\/backend-config: '{\"default\": \"ingress\"}'<\/span>\r\n<span style=\"font-weight: 400;\"># in the Ingress resource<\/span>\r\n<span style=\"font-weight: 400;\">networking.gke.io\/v1beta1.FrontendConfig: http-redirect<\/span><\/pre>\n<p><span style=\"font-weight: 400;\">After setting these two config resources Now, we will create our Ingress. It\u2019s a standard Kubernetes Ingress object with annotations to work with GCP.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We are using an ingress with annotations <\/span><i><span style=\"font-weight: 400;\">kubernetes.io\/ingress.class: gce<\/span><\/i><span style=\"font-weight: 400;\">. in the GKE cluster, a controller watches that annotation to create the GCLB based on the config we choose.<\/span><\/p>\n<pre class=\"code highlight\"><strong><span id=\"LC11\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">networking.k8s.io\/v1<\/span><\/span>\r\n<span id=\"LC12\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">Ingress<\/span><\/span>\r\n<span id=\"LC13\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">metadata:<\/span><\/span>\r\n<span id=\"LC14\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">istio-ingress<\/span><\/span>\r\n<span id=\"LC15\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">namespace:<\/span> <span class=\"hljs-string\">istio-system<\/span><\/span>\r\n<span id=\"LC16\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">annotations:<\/span><\/span>\r\n<span id=\"LC17\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">ingress.gcp.kubernetes.io\/pre-shared-cert:<\/span> <span class=\"hljs-string\">\"crt\"<\/span> \r\n<\/span>    <span class=\"hljs-attr\">kubernetes.io\/ingress.global-static-ip-name:<\/span> <span class=\"hljs-string\">\"cluster-ip\"<\/span> <span class=\"hljs-comment\"># reserve global static IP<\/span><\/strong><\/pre>\n<pre class=\"code highlight\"><strong><span id=\"LC19\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <span class=\"hljs-attr\">kubernetes.io\/ingress.class:<\/span> <span class=\"hljs-string\">\"gce\"<\/span><\/span><\/strong><\/pre>\n<pre class=\"code highlight\"><strong><span id=\"LC22\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">    networking.gke.io\/v1beta1.FrontendConfig:<\/span> <span class=\"hljs-string\">http-redirect<\/span><\/span>\r\n<span id=\"LC23\" class=\"line\" lang=\"yaml\" data-testid=\"content\">    <\/span>\r\n<span id=\"LC24\" class=\"line\" lang=\"yaml\" data-testid=\"content\"><span class=\"hljs-attr\">spec:<\/span><\/span>\r\n<span id=\"LC25\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-comment\"># tls:<\/span><\/span>\r\n<span id=\"LC26\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-comment\"># - secretName: tls-cert-ingress<\/span><\/span>\r\n<span id=\"LC27\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-comment\">#   hosts:<\/span><\/span>\r\n<span id=\"LC28\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-comment\">#   - 'example.com'<\/span><\/span>\r\n<span id=\"LC29\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-attr\">rules:<\/span><\/span>\r\n<span id=\"LC30\" class=\"line\" lang=\"yaml\" data-testid=\"content\">  <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">http:<\/span><\/span>\r\n<span id=\"LC31\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-attr\">paths:<\/span><\/span>\r\n<span id=\"LC32\" class=\"line\" lang=\"yaml\" data-testid=\"content\">      <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">path:<\/span> <span class=\"hljs-string\">\/<\/span><\/span>\r\n<span id=\"LC33\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">pathType:<\/span> <span class=\"hljs-string\">Prefix<\/span><\/span>\r\n<span id=\"LC34\" class=\"line\" lang=\"yaml\" data-testid=\"content\">        <span class=\"hljs-attr\">backend:<\/span><\/span>\r\n<span id=\"LC35\" class=\"line\" lang=\"yaml\" data-testid=\"content\">          <span class=\"hljs-attr\">service:<\/span>      <\/span>\r\n<span id=\"LC36\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">istio-ingressgateway<\/span><\/span>\r\n<span id=\"LC37\" class=\"line\" lang=\"yaml\" data-testid=\"content\">            <span class=\"hljs-attr\">port:<\/span><\/span>\r\n<span id=\"LC38\" class=\"line\" lang=\"yaml\" data-testid=\"content\">              <span class=\"hljs-attr\">number:<\/span> <span class=\"hljs-number\">80<\/span><\/span>\r\n<\/strong><\/pre>\n<h2><strong>Conclusion<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">In summary, while GKE default utilizes Ingress for service exposure, as the system grows in complexity and scale, implementing a service mesh like Istio becomes crucial to optimize resource utilization, simplify management, and achieve cost-effectiveness. Istio&#8217;s ingress gateway offers a centralized entry point for external traffic, eliminating the need for individual load balancers and providing advanced traffic management capabilities for the services running in the GKE cluster.\u00a0<\/span><\/p>\n<p>Feed your curiosity \u2013<a href=\"https:\/\/www.tothenew.com\/blog\/\">\u00a0read more<\/a>\u00a0of our insightful blogs.<\/p>\n<div class=\"ap-custom-wrapper\"><\/div><!--ap-custom-wrapper-->","protected":false},"excerpt":{"rendered":"<p>By default, when running services on Google Kubernetes Engine (GKE), the preferred method for exposing these services to external traffic is using Ingress. Ingress provides a centralized entry point to the cluster and allows for the routing of external traffic to different services based on defined rules. However, as the number of services and complexity [&hellip;]<\/p>\n","protected":false},"author":1608,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":106},"categories":[2348],"tags":[5403,5402,5401],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/57844"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/1608"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=57844"}],"version-history":[{"count":2,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/57844\/revisions"}],"predecessor-version":[{"id":58346,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/57844\/revisions\/58346"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=57844"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=57844"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=57844"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}