Galley is mostly a behind-the-scenes component for gathering and validating user configuration for the other parts of the system. It is a component of Istio's control plane and provides configuration validation, ingestion, processing, and distribution using the Mesh Configuration Protocol (MCP – https://archive.istio.io/v1.3/docs/reference/config/istio.mesh.v1alpha1/). An external service registry, such as Eureka Server in Spring Cloud or Zookeeper for Apache Dubbo, can integrate with the Istio control plane through Galley.

Galley works in the background by providing configuration management services to different Istio components. Galley helps to shield the rest of the Istio components from the specific details of obtaining user configuration for platforms other than Kubernetes. The Galley was initially developed to verify configuration details but was later extended to a configuration center for the entire control plane. 

It contains Kubernetes Custom Resource Definition (CRD) listeners for collecting configuration using /admitpilot and /admitmixer from the Galley server, a Mesh Configuration Protocol (MCP) server implementation for distributing configuration, and a validation webhook for preingestion validation by the Kubernetes API Server:

$ kubectl get validatingwebhookconfiguration istio-galley
NAME           CREATED AT
istio-galley   2019-07-30T03:00:43Z

MCP provides a set of APIs for configuring subscriptions and distributions. Pilot and Mixer, which we will discuss in the following sections, are the consumers of the Galley. The resource is sent to the consumer. Here, it's the configuration that's applied. Pilot and Mixer connect to the Galley server as clients of the service for configuration subscription. Galley can be configured to actively connect to sinks (Pilot/Mixer) in remote Istio clusters.

For example, in a mesh of multiple Kubernetes clusters, in the primary cluster, Galley can provide configuration management for various clusters of Pilot/Mixer. Galley can initiate the connection as the client of gRPC, while Pilot/Mixer implements the ResourceSink service as the gRPC server.

There is a Galley dashboard in Grafana that we can use to view the scraped metric from Galley through Prometheus. (We will deep dive into Prometheus and Grafana in Chapter 13, Exploring Istio Telemetry Features.)

Galley sits behind the scenes performing configuration management. What pushes all of those configuration policies to the Envoy sidecar proxies? That would be Pilot. Let's learn more about it.