cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
MarkosS
Flight Engineer
Flight Engineer
‎02-25-2024 10:35 AM
  • 805 Views

General question - minimum service mesh traffic flow

Jump to solution

I am a bit confused:

If I add a namespace in SMMR and add the appropriate annotation in my deployment, then envoy is injected and I have a minimum service-mesh-enabled application.

My question is: In this case no virtualService and DestinationRule are created automatically,
also no gateway is automatically created (correction: istio-ingressgateway and istio-egressgateway deployments are created automatically in the control plane namespace)

So how traffic enters the service mesh? When I curl my service (or route), does it go to the envoy ? Or first to the istio-ingressgateway and from there to my service?

Join the discussion
1 Solution

Accepted Solutions
MarkosS
Flight Engineer
Flight Engineer
‎07-12-2025 07:52 PM
  • 215 Views

Jump to solution

I am going to answer my question in case anyone else finds this usefull when starting with Istio:

If you curl your service from within the Kubernetes cluster (e.g., by exec-ing into another pod in the mesh): The request will be intercepted by that pod's Envoy sidecar and routed directly to your service's Envoy sidecar. The ingress gateway is not used.

If you curl your service from outside the Kubernetes cluster: The request must first go to the istio-ingressgateway, and you need a Gateway and VirtualService to allow and route that traffic. Without them, the request will fail.



View solution in original post

2 Replies
MarkosS
Flight Engineer
Flight Engineer
‎07-12-2025 07:52 PM
  • 216 Views

Jump to solution

I am going to answer my question in case anyone else finds this usefull when starting with Istio:

If you curl your service from within the Kubernetes cluster (e.g., by exec-ing into another pod in the mesh): The request will be intercepted by that pod's Envoy sidecar and routed directly to your service's Envoy sidecar. The ingress gateway is not used.

If you curl your service from outside the Kubernetes cluster: The request must first go to the istio-ingressgateway, and you need a Gateway and VirtualService to allow and route that traffic. Without them, the request will fail.



Chetan_Tiwary_
Community Manager
Community Manager
‎07-12-2025 07:54 PM
  • 212 Views

Jump to solution

Thanks @MarkosS for coming back and provide a resolution to your own question. This will definitely help others !

Join the discussion
You must log in to join this conversation.
Red Hat Learning Community

Red Hat

Learning Community

A collaborative learning environment, enabling open source skill development.

Red Hat Inc. Copyright ?2025 Red Hat, Inc. Privacy policy Terms of use