Manage Istio gateways-Alibaba Cloud Service Mesh-阿里云帮助中心

An Istio gateway is a load balancer at the edge of the service mesh that manages inbound and outbound HTTP or TCP traffic. This topic describes how to create, modify, and delete Istio gateways.

Prerequisites

An ASM instance is created. For more information, see Create an ASM instance.

Create an Istio gateway

Method 1: Create an Istio gateway using the console

Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Gateway. On the page that appears, click Create.
On the Create page, configure the parameters and click Create.

For more information about the parameters, see Gateway CRD instructions.

Example configuration: Set Namespace to default and Name to bookinfo-gateway. For Gateway Workload, select Custom Label Selector, and set the label key to istio and the label value to ingressgateway. In the Services section, set Name to http, Port to 80, Protocol to HTTP, and Hosts to *.

Method 2: Create an Istio gateway using YAML

Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Gateway. On the page that appears, click Create from YAML.

On the Create page, select a Namespaces and a Scenario Template. In the YAML editor, modify the configuration as needed, and then click Create.

The following example defines an Istio gateway that exposes ports 80, 9080, 443, and 9443. This rule applies to pods with the istio: ingressgateway label. For more information, see Gateway CRD instructions.

Example YAML

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
  namespace: some-config-namespace
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - test1.com
    - test2.com
    tls:
      httpsRedirect: true
  - port:
      number: 443
      name: https-443
      protocol: HTTPS
    hosts:
    - uk.bookinfo.com
    - eu.bookinfo.com
    tls:
      mode: SIMPLE
      serverCertificate: /etc/certs/servercert.pem
      privateKey: /etc/certs/privatekey.pem
  - port:
      number: 9443
      name: https-9443
      protocol: HTTPS
    hosts:
    - "bookinfo-namespace/*.bookinfo.com"
    tls:
      mode: SIMPLE
      credentialName: bookinfo-secret
  - port:
      number: 9080
      name: http-wildcard
      protocol: HTTP
    hosts:
    - "*"

Related operations

On the Gateway page, you can perform the following operations on an Istio gateway in the Actions column.

To view or modify the YAML, click View YAML for the target Istio gateway. In the Edit dialog box, modify the configuration as needed and click OK.
To manage versions, click Version for the target Istio gateway. In the Version dialog box, click Rollback. For more information, see Roll back to a previous version of an Istio resource.
To delete an Istio gateway, click Delete for the target Istio gateway. In the Confirm dialog box, click OK.

Important
Deleting an Istio gateway removes its associated routing rules, which may cause service interruptions. Proceed with caution.