Adding a Gateway¶
A gateway enables unified entry, traffic management, security, and service isolation.
Prerequisites¶
Gateways use load balancers of ELB to provide network access. Before adding a gateway, you need to create a load balancer.
When creating a load balancer, you need to ensure that it belongs to the same VPC as the cluster.
Procedure¶
Log in to the ASM console and click the name of the target service mesh to go to its details page.
In the navigation pane on the left, choose Gateway Management and click Add Gateway.
Configure the following parameters.
Gateway Name
Enter a gateway name. Enter 4 to 59 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
Cluster
Select the cluster to which the gateway belongs.
Load Balancer
Gateways use shared and dedicated load balancers of ELB for the access over both public and private IPv4 networks.
Access Entry
Gateways configure a listener for the load balancer, which listens to requests from the load balancer and distributes traffic.
External Protocol
Select one to match the protocol type of your service. HTTP, gRPC, TCP, TLS, and HTTPS are supported.
External Port
Enter the port number exposed in the Load Balancer Service address. The port number can be specified randomly.
TLS Termination
If External Protocol is HTTPS, TLS Termination is enabled and cannot be disabled.
If External Protocol is TLS, you can enable or disable TLS Termination. If you enable TLS termination, bind a certificate to support TLS-based data transmission encryption and authentication. If you disable TLS termination, encrypted TLS data will be directly forwarded.
Secret Certificate
When configuring a TLS protocol with TLS termination enabled, you need to bind a certificate to support TLS-based data transmission encryption and authentication.
When configuring the HTTPS protocol, you need to bind a secret certificate.
Earliest TLS Version Supported/Latest TLS Version Supported
When configuring a TLS protocol with TLS termination enabled or an HTTPS protocol, you can select the earliest and latest TLS versions.
(Optional) Configure routing parameters.
When the access address of a request matches the forwarding policy (which consists of a domain name and URL. If the domain name is left empty, the ELB IP address is used by default), the request is forwarded to the corresponding target Service for processing. Click . The Add Route dialog box is displayed.
Domain Name
Enter the external domain name of the service. If this parameter is left blank, the IP address of the load balancer is used by default. If you enable TLS termination, enter a domain name configured in the certificate for SNI domain name verification.
URL Matching Rule
Prefix: A URL can be accessed if its prefix is the same as that you configure. For example, /healthz/v1 and /healthz/v2.
Exact: Only the URL that fully matches the values you set can be accessed. For example, if the URL is set to /healthz, only /healthz can be accessed.
URL
Mapping URL supported by the service, for example, /example.
Namespace
Select the namespace to which the gateway belongs.
Target Service
Service of the gateway. Select a value from the drop-down list box. The target service is filtered based on the corresponding gateway protocol. For details about the filtering rules, see Why Cannot I Select the Corresponding Service When Adding a Route?
The service which configuration diagnosis fails cannot be selected. You need to fix the issues first. For details, see Manual Fixing Items or Auto Fixing Items.
Access Port
Only ports that match external protocols are displayed.
Rewrite
(This parameter is configurable when the external protocol is HTTP.)
Rewrite the HTTP URI and host/authority header before forwarding. Disabled by default. To enable it, configure the following parameters:
URI: This value is used to rewrite the URI or prefix.
Host/Authority Header: This value is used to rewrite the HTTP host/authority header.
Click OK.
You can obtain the external network access address of the service in the Service Management page.