Adding multiple ingress gateways to customer-installed Anthos Service Mesh

This procedure describes adding additional Anthos Service Mesh (ASM) gateways to your Apigee hybrid installation.

Installing additional Anthos Service Mesh gateways

In the ASM overlay.yaml file you can add more ingress gateways by following a similar pattern as the one below. Note that the spec.components[].label and spec.components[].k8s.service.selector elements allow you to associate a named ingress gateway with a specific virtual host, as explained in Targeting an ingress to a virtual host.

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  profile: asm-gcp
  # hub: gcr.io/gke-release/asm # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.hub"}
  components:
    ingressGateways:
    - name: istio-ingressgateway-dairy
      enabled: true
      label:
        app: istio-ingressgateway
        ingress_name: dairy
      k8s:
        service:
          selector:
            app: istio-ingressgateway
            ingress_name: dairy
          type: LoadBalancer
          ports:
          - name: status-port
            port: 15021
          - name: http2
            port: 80
            targetPort: 8080
          - name: https
            port: 443
            targetPort: 8443
        hpaSpec:
          minReplicas: 1
          maxReplicas: 10
    - name: istio-ingressgateway-vegetables
      enabled: true
      label:
        app: istio-ingressgateway
        ingress_name: vegetables
      k8s:
        service:
          selector:
            app: istio-ingressgateway
            ingress_name: vegetables
          ports:
          - name: http2
            port: 80
            targetPort: 8080
          - name: status-port
            port: 15020
          - name: https
            port: 443
            targetPort: 8443
        hpaSpec:
          minReplicas: 1
          maxReplicas: 10
        resources:
          requests:
            cpu: 300m
            memory: 128Mi

Follow the Anthos Service Mesh documentation for your platform to apply the changes.

Targeting an ASM/istio ingress to a virtual host

You can target a labeled ASM/istio ingress gateway to a specific virtual host in your overrides file. This configuration specifies the ingress gateway where Apigee will apply the virtual host's configuration. In the following example, traffic to virtual host milk-vh is directed through the ingress labeled dairy and traffic to the other two virtual hosts goes through the vegetables ingress. The ingresses must be properly labeled, as explained in Installing additional Apigee ingress gateway gateways.

virtualhosts:
- name: milk-vh
  sslCertPath: cert-milk.crt
  sslKeyPath: cert-milk.key
  selector:
    app: istio-ingressgateway
    ingress_name: dairy

- name: carrots-vh
  sslCertPath: cert-carrots.crt
  sslKeyPath: cert-carrots.key
  selector:
    app: istio-ingressgateway
    ingress_name: vegetables

- name: ginger-vh
  sslCertPath: cert-ginger.crt
  sslKeyPath: cert-ginger.key
  selector:
    app: apigee-ingressgateway
    ingress_name: vegetables