NLB -> Istio Gateway vs ALB -> Istio Gateway


If you are using Istio then yes, Istio was originally created with an ingress controller in mind. Gateway+Virtual Service basically enables what you want. Some ingress controllers are easier and have different pluses, but if Istio handles all you want then go for it.


Yes, using ALB -> Istio gateway is redundant, as the virtual service takes care of all your custom routing rules (instead of ALB). Using an NLB hostname in front of the Istio gateway is the simplest method & recommended in the docs here: https://cloud.ibm.com/docs/containers?topic=containers-istio#no-tls


I would not say ALB is redundant; ALB has a few options which you can't leverage from Istio:

  • you can't add WAF on top of NLB, which would leave your app exposed to security issues, or you will need to address that in the cluster
  • there are scenarios where you would actually want to move traffic to another pool of EC2 instances; it would be difficult to do that with Istio
  • if you want to do SSL offload
  • depending on your application, it would be potentially dangerous to use NLB because there is no security (security groups) added on top of your NLB; as such, you would need to expose your nodes directly to the internet