Ingress Gateway

<< Back to Technical Glossary

Ingress Gateway Definition

An Ingress gateway receives incoming HTTP/TCP connections at the edge of a network, container cluster, or service mesh – commonly known to the open-source community as the Istio project The ingress gateway (also known as north-south proxy) configures ports, protocols, and other virtual services, and can be used to apply application services such as load balancing, web application firewall and global server load balancing (GSLB) to the container clusters. When containerized applications scale, an inter-cluster gateway is needed to ensure secure communications between multiple clusters.

Diagram depicts an ingress gateway receives incoming HTTP/TCP connections at the edge of a network, container cluster, or service mesh - commonly known to the open-source community as the  Istio project The ingress gateway (also known as north-south proxy) configures ports, protocols, and other virtual services, and can be used to apply application services such as load balancing, web application firewall and global server load balancing (GSLB) to the container clusters.

FAQs

What Is an Ingress Gateway?

An ingress gateway works with a service mesh such as Istio to route traffic and applies cluster access rules as simple as whitelist / blacklist created by the administrator. Istio ingress gateway integrations operate at the edge of a service mesh, receiving incoming HTTP/TCP connections while configuring ports, protocols and virtual services.

What Is the Difference Between An Ingress Gateway and An Egress Gateway?

An ingress gateway routes traffic into the service mesh. An ingress router requires a virtual service to define where the traffic will be routed.

An egress gateway is a point where traffic leaves a service mesh.

Ingress Controller Versus API Gateway

An ingress controller is a third-party implementation that controllers ingress resources and allows URL-based HTTP routing in a Kubernetes cluster.

An ingress API gateway is fundamentally the same as an ingress controller. The Kubernetes-native API gateway is Ambassador built on the Envoy Proxy. Both manage external traffic routed to microservices. In some configurations, an API gateway is deployed in front of multiple load balancers as a unified API entry point to handle different protocols but it can add another layer of complexities.

The ingress resource was created to set a standard, which focused on basic functionality. But there are still many function extensions among ingress controllers that have fragmented standards.

Does Avi Offer an Ingress Gateway?

Yes. Avi Vantage delivers multi-cloud application services for containerized applications with microservices architecture through dynamic service discovery, application maps, and micro-segmentation. Universal Service Mesh is optimized for North-South (ingress) and East-West traffic management, including local and global load balancing. Avi integrates with OpenShift / Kubernetes for container orchestration and security, and Istio for ingress gateway and service mesh.

For more information see the following ingress gateway resources: