All Products
Search
Document Center

Alibaba Cloud Service Mesh:Manage Istio gateways

最終更新日:Nov 28, 2024

An Istio gateway defines a load balancer that runs at the edge of a Service Mesh (ASM) instance to receive inbound or outbound HTTP/TCP traffic. This topic describes how to create, modify, and delete an Istio gateway.

Prerequisites

An ASM instance is created. For more information, see Create an ASM instance.

Create an Istio gateway

Method 1: Create an Istio gateway by setting the parameters on the configuration GUI of the ASM console

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Gateway. On the page that appears, click Create.

  3. On the Create page, set the parameters and click Create.

    The following figure provides a configuration example. For the descriptions of the configuration items, see Gateway.

    A1A78515-8B76-4286-ACDD-75BB5B61A617

Method 2: Use a YAML file to create an Istio gateway

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Gateway. On the page that appears, click Create from YAML.

  3. On the Create page, select the desired namespace from the Namespace drop-down list, select the template that you want to use to create the Istio gateway from the Template drop-down list, modify the configurations of the Istio gateway in the YAML code editor, and then click Create.

    The following YAML code provides an example of the configurations of the Istio gateway. This Istio gateway defines how to expose ports 80, 9080, 443, and 9443 on the gateway. This Istio gateway applies to pods that carry the istio: ingressgateway label. For more information, see Gateway.

    Show the sample YAML code

    apiVersion: networking.istio.io/v1alpha3
    kind: Gateway
    metadata:
      name: my-gateway
      namespace: some-config-namespace
    spec:
      selector:
        istio: ingressgateway
      servers:
      - port:
          number: 80
          name: http
          protocol: HTTP
        hosts:
        - test1.com
        - test2.com
        tls:
          httpsRedirect: true
      - port:
          number: 443
          name: https-443
          protocol: HTTPS
        hosts:
        - uk.bookinfo.com
        - eu.bookinfo.com
        tls:
          mode: SIMPLE
          serverCertificate: /etc/certs/servercert.pem
          privateKey: /etc/certs/privatekey.pem
      - port:
          number: 9443
          name: https-9443
          protocol: HTTPS
        hosts:
        - "bookinfo-namespace/*.bookinfo.com"
        tls:
          mode: SIMPLE
          credentialName: bookinfo-secret
      - port:
          number: 9080
          name: http-wildcard
          protocol: HTTP
        hosts:
        - "*"

Related operations

After an Istio gateway is created, you can perform the following operations in the Actions column on the Gateway page:

  • View or modify the YAML code: Find the desired Istio gateway and click YAML. In the Edit dialog box, modify the configurations of the Istio gateway based on your business requirements and click OK.

  • Manage the version: Find the desired Istio gateway and click Version. In the Version dialog box, click Rollback. For more information, see Roll back an Istio resource to an earlier version.

  • Delete the Istio gateway: Find the desired Istio gateway and click Delete. In the Submit message, click OK.

    Important

    After you delete an Istio gateway, the corresponding traffic routing rules no longer work. As a result, services may be inaccessible. Exercise caution when you perform this operation.