What is the difference VirtualService and Gateway in istio?

Question

I am trying to understand the difference between the VirtualService and the Gateway in istio? As far I could understand, VirutalService is also used for the purpose of routing the traffic same as Gateway

Answer 1

According to istio documentation:

A VirtualService defines a set of traffic routing rules to apply when a host is addressed. Each routing rule defines matching criteria for traffic of a specific protocol. If the traffic is matched, then it is sent to a named destination service (or subset/version of it) defined in the registry.

Gateway describes a load balancer operating at the edge of the mesh receiving incoming or outgoing HTTP/TCP connections. The specification describes a set of ports that should be exposed, the type of protocol to use, SNI configuration for the load balancer, etc.

Gateway is generally used to expose a VirtualService to the outside world. So with this object we can control how and which traffic from outside will reach one of our VirtualServices. It is also possible to specify how Gateway treats the traffic, E.g. TLS termination or SNI passthrough.

There are some configurations that are possible only when both Gateway and VirtualService work together.

In short Gateway is for external traffic while VirtualService is for traffic that is already inside the istio cluster.