# Ingress Gateway — 외부 인입 진입점. # selector로 기존 istio-ingressgateway pod(istio-system)에 바인딩. # Gateway는 "어떤 포트/호스트/프로토콜을 열지"만 선언, 라우팅은 VirtualService가 담당. apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: name: httpbin-gateway namespace: mesh-test spec: selector: istio: ingressgateway # istio-system의 ingress gateway pod 라벨 servers: # --- HTTP:80 --- - port: number: 80 name: http protocol: HTTP hosts: - "httpbin.example.com" # --- HTTPS:443 (TLS termination) --- # gateway가 TLS 복호화 후 평문으로 백엔드 전달. cert는 아래 credentialName secret. - port: number: 443 name: https protocol: HTTPS tls: mode: SIMPLE credentialName: httpbin-tls # istio-system ns의 kubernetes.io/tls secret hosts: - "httpbin.example.com"