6

I am trying to understand the difference between the VirtualService and the Gateway in istio? As far I could understand, VirutalService is also used for the purpose of routing the traffic same as Gateway

Rajesh Kumar
  • 63
  • 1
  • 6
  • You would say what's the "exact" difference between red oranges and grapefruit, but you wouldn't say that with apples and pears, because they are a completely different fruit. So, there is no "exact" difference between a `Gateway` and a `VirtualService`. They are completely different objects. Just read the documentation. – suren Sep 16 '20 at 11:07
  • 1
    Thanks Suren. Updated the question as per the suggestion – Rajesh Kumar Sep 17 '20 at 05:07

1 Answers1

11

According to istio documentation:

A VirtualService defines a set of traffic routing rules to apply when a host is addressed. Each routing rule defines matching criteria for traffic of a specific protocol. If the traffic is matched, then it is sent to a named destination service (or subset/version of it) defined in the registry.

Gateway describes a load balancer operating at the edge of the mesh receiving incoming or outgoing HTTP/TCP connections. The specification describes a set of ports that should be exposed, the type of protocol to use, SNI configuration for the load balancer, etc.

Gateway is generally used to expose a VirtualService to the outside world. So with this object we can control how and which traffic from outside will reach one of our VirtualServices. It is also possible to specify how Gateway treats the traffic, E.g. TLS termination or SNI passthrough.

There are some configurations that are possible only when both Gateway and VirtualService work together.

In short Gateway is for external traffic while VirtualService is for traffic that is already inside the istio cluster.

Piotr Malec
  • 3,429
  • 11
  • 16