Istio - HTTPS gateway (version 1.7.4)
2022-06-17 13:09:12
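Official reference:
Istio - task/traffic-management/ingress/secure-ingress
Basic steps:
1. Create the secret
Place the certificate files on a machine in the K8s cluster, change into the directory that holds them, then create the certificate secret with kubectl: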
kubectl create -n istio-system secret tls mycom-crt --key=cert.key --cert=cert.crt
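Note:
The secret's namespace must be istio-system; otherwise the Istio ingress-gateway pod container cannot load the secret (get the namespace wrong and you are guaranteed to fall into this trap, every single time).
Ingress-gateway log when the certificate secret cannot be loaded:
Ingress-gateway log when the certificate is loaded correctly:
2. Create the gateway
In newer versions, the gateway can reference the secret that holds the certificate directly through credentialName: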
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: mygateway
spec:
  selector:
    istio: ingressgateway # use istio default ingress gateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: mycom-crt # must be the same as secret
    hosts:
    - httpbin.example.com
gateway.tls configuration in the new version (1.7.4)
3. Associate the gateway through a VirtualService
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  hosts:
  - "httpbin.example.com"
  gateways:
  - mygateway
  http:
  - match:
    - uri:
        prefix: /status
    - uri:
        prefix: /delay
    route:
    - destination:
        port:
          number: 8000
        host: httpbin
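The namespace pitfall from step 1 can be caught before applying the manifests. The script below is an added example, not part of the original post or of Istio: it takes the JSON from `kubectl get gateways.networking.istio.io -A -o json` and `kubectl get secrets -A -o json` and reports every credentialName that does not resolve to a certificate secret in istio-system. The names `check_credentials` and `sample_secrets`, the sample data, and the acceptance of a generic secret's cert/key pair alongside tls.crt/tls.key are assumptions of this example.

```python
import json

GATEWAY_NS = "istio-system"  # where the ingress-gateway pod runs, per the note in step 1
# Assumption: accept the tls.* pair written by `kubectl create secret tls`,
# or the cert/key pair of a generic secret.
KEY_PAIRS = ({"tls.crt", "tls.key"}, {"cert", "key"})

def check_credentials(gateways, secrets, gateway_ns=GATEWAY_NS):
    """Return (gateway, credentialName, problem) for each credentialName that cannot load."""
    by_name = {}  # secret name -> {namespace: secret object}
    for s in secrets["items"]:
        by_name.setdefault(s["metadata"]["name"], {})[s["metadata"]["namespace"]] = s
    findings = []
    for gw in gateways["items"]:
        gw_id = gw["metadata"]["namespace"] + "/" + gw["metadata"]["name"]
        for server in gw["spec"].get("servers", []):
            cred = (server.get("tls") or {}).get("credentialName")
            if not cred:
                continue  # server does not reference a secret by name
            found = by_name.get(cred, {})
            if gateway_ns not in found:
                problem = (f"secret is in {sorted(found)}, not {gateway_ns}"
                           if found else "secret not found")
            elif not any(pair <= set(found[gateway_ns].get("data") or {})
                         for pair in KEY_PAIRS):
                problem = "secret lacks a certificate/key pair"
            else:
                continue
            findings.append((gw_id, cred, problem))
    return findings

# Constructed sample input, shaped like `kubectl get ... -A -o json` output.
SAMPLE_GATEWAYS = json.loads("""{"items": [{
  "metadata": {"name": "mygateway", "namespace": "default"},
  "spec": {"servers": [{"port": {"number": 443, "name": "https", "protocol": "HTTPS"},
    "tls": {"mode": "SIMPLE", "credentialName": "mycom-crt"},
    "hosts": ["httpbin.example.com"]}]}}]}""")

def sample_secrets(namespace):
    """Constructed secret list with mycom-crt placed in the given namespace."""
    return {"items": [{"metadata": {"name": "mycom-crt", "namespace": namespace},
                       "type": "kubernetes.io/tls",
                       "data": {"tls.crt": "<constructed>", "tls.key": "<constructed>"}}]}

if __name__ == "__main__":
    for ns in ("default", GATEWAY_NS):
        print(ns, check_credentials(SAMPLE_GATEWAYS, sample_secrets(ns)))
```

Only secret names, namespaces and data key names are read, so the secret JSON can be stripped of its values before it is handed to the script.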