Service Mesh (ASM) allows you to access a service over HTTPS by using an ASM ingress gateway. When you access a service over HTTPS, you must configure Transport Layer Security (TLS) termination on the corresponding access path to the service by specifying a certificate. After you implement TLS termination, encrypted HTTPS requests are decrypted and then sent to the pods of the backend service over HTTP.
Configure methods for accessing the backend services of an ASM ingress gateway over HTTPS
The following figure shows the access path to a backend service of the ASM ingress gateway over HTTPS.
The following methods are available for you to access the backend services of an ASM ingress gateway over HTTPS:
Method | Description | References |
Configure TLS termination on an ASM ingress gateway | We recommend that you use this method. You can configure a certificate for the ASM ingress gateway. The ASM ingress gateway decrypts HTTPS requests and forwards HTTP requests to its backend services. If you use this method, you can manage the certificate of the ASM ingress gateway in the ASM console. | |
Configure TLS termination on a Classic Load Balancer (CLB) instance | If you have created a CLB instance for an ASM ingress gateway, you can bind a certificate to the CLB instance and create an HTTPS listener for the CLB instance to access backend services over HTTPS. The CLB instance decrypts HTTPS requests and sends HTTP requests to the ASM ingress gateway. To use this method, you must manage the certificate in the CLB console and enable HTTP access in the ASM console. | |
Configure TLS termination on backend services | If TLS termination is configured on the backend services of an ASM ingress gateway, you can enable TLS pass-through for the ASM ingress gateway to forward HTTPS requests to the backend services. If you use this method, backend services accept HTTPS requests, decrypt HTTPS requests, and manage the corresponding certificate. |