2

I see that for every Knative service, 2 VirtualService objects are created: ksvc-ingress, which has the knative-serving/knative-ingress-gateway and knative-serving/knative-local-gateway gateways configured, and ksvc-mesh, which has mesh as the gateway.

I can see the knative-serving/* gateways using kubectl, but I am unable to find the mesh gateway object in any namespace. I would like to understand whether mesh here denotes some special object or is an Istio keyword representing something else.

Mukund Jalan

2 Answers

1

As you noticed, Knative uses Istio as a service mesh.

In the Istio context, mesh is not an object (or resource) like, for example, a Service. The Istio About page explains what a service mesh is:

A service mesh is a dedicated infrastructure layer that you can add to your applications. It allows you to transparently add capabilities like observability, traffic management, and security, without adding them to your own code. The term “service mesh” describes both the type of software you use to implement this pattern, and the security or network domain that is created when you use that software.

So mesh is a term that encapsulates all Istio objects (istio-proxy containers, Virtual Services, Ingress Gateways, etc.) that work together to allow for traffic management inside the cluster.

A Gateway is a load balancer operating at the edge of the mesh receiving incoming or outgoing HTTP/TCP connections.

  • So, if the mesh here is not a real object, which requests will this virtual service route? Is it that anything originating from within the mesh will be routed using this virtual service? If that is the case, then what is the use of `knative-serving/knative-local-gateway`? – Mukund Jalan Feb 18 '22 at 10:07
1

The mesh name is a keyword, as you guessed. That keyword represents the East-West traffic between Pods in the Kubernetes cluster, as managed by the Istio sidecar. You can think of those VirtualServices as being programmed onto each sidecar to do the routing and traffic splitting next to the request sender, rather than needing to route to a central service / gateway.

E. Anderson
  • Is there any documentation available providing information on the `mesh` keyword? – Mukund Jalan Feb 21 '22 at 11:18
  • 1
    That's an Istio concept; a quick search yields https://discuss.istio.io/t/internal-traffic-with-virtualservice-and-destinationrule/3726 – E. Anderson Feb 22 '22 at 19:15
  • 1
    There's also mention in the `gateways` parameter of https://istio.io/latest/docs/reference/config/networking/virtual-service/#VirtualService – E. Anderson Feb 22 '22 at 19:15
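
Added example (not part of the answers above, and not Knative or Istio code): a small audit helper that reads VirtualService objects shaped like `kubectl get virtualservice -A -o json` output and reports which ones are programmed onto sidecars via the reserved `mesh` name and which bind to real Gateway objects. It also covers two cases from the Istio `gateways` reference that the thread does not spell out: an omitted `gateways` list defaults to `mesh`, and an unqualified gateway name resolves to the VirtualService's own namespace. The sample objects, the `default` namespace and the function names are constructed for illustration.

```python
# Constructed sample: the question's ksvc-ingress / ksvc-mesh pair plus two
# extra objects covering the defaulting and namespace-resolution cases.
SAMPLE = {"items": [
    {"metadata": {"namespace": "default", "name": "ksvc-ingress"},
     "spec": {"gateways": ["knative-serving/knative-ingress-gateway",
                           "knative-serving/knative-local-gateway"]}},
    {"metadata": {"namespace": "default", "name": "ksvc-mesh"},
     "spec": {"gateways": ["mesh"]}},
    {"metadata": {"namespace": "default", "name": "no-gateways"},
     "spec": {}},
    {"metadata": {"namespace": "default", "name": "both"},
     "spec": {"gateways": ["mesh", "my-gateway"]}},
]}

MESH = "mesh"  # reserved word in VirtualService.spec.gateways, not a Gateway object


def classify(vs):
    """Return (applies_to_sidecars, [namespace/name of real Gateways])."""
    ns = vs["metadata"]["namespace"]
    # An absent or empty list means the rules apply to all sidecars ("mesh").
    declared = vs.get("spec", {}).get("gateways") or [MESH]
    gateways = []
    for name in declared:
        if name == MESH:
            continue  # no object to look up; handled by the sidecars
        # Unqualified names refer to a Gateway in the VirtualService's namespace.
        gateways.append(name if "/" in name else f"{ns}/{name}")
    return MESH in declared, sorted(gateways)


def report(vs_list):
    """Map 'namespace/name' of each VirtualService to its classification."""
    return {
        f'{vs["metadata"]["namespace"]}/{vs["metadata"]["name"]}': classify(vs)
        for vs in vs_list["items"]
    }


if __name__ == "__main__":
    for name, (sidecars, gateways) in report(SAMPLE).items():
        scope = "sidecars (east-west)" if sidecars else "gateways only"
        print(f"{name}: {scope}; gateway objects: {gateways or 'none'}")
```

Only the names returned in the gateway list correspond to objects that `kubectl get gateway -A` will show; `mesh` never appears there.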