istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Specify hosts in ibm kubernetes ingress blog post (#7610) 

* add proxy_ssl-name directive

to the ingress.bluemix.net/ssl-services annotation to set the SNI of the
ingress gateway in the Kubernetes ingress

* specify the host names in Gateway and VirtualService

instead of '*'

* remove cleanup of unused constructs

* add last_update field
This commit is contained in:
Vadim Eisenberg 2020-06-23 18:26:09 +03:00 committed by GitHub
parent b116bb2f3b
commit 1d96b295e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
content/en/blog/2020/alb-ingress-gateway-iks/index.md
View File

@ -5,6 +5,7 @@ subtitle: Configure the IBM Cloud Kubernetes Service Application Load Balancer t
publishdate: 2020-05-15 publishdate: 2020-05-15
attribution: Vadim Eisenberg (IBM) attribution: Vadim Eisenberg (IBM)
keywords: [traffic-management,ingress,file-mount-credentials,iks] keywords: [traffic-management,ingress,file-mount-credentials,iks]
last_update: 2020-06-23
--- ---
In this blog post I show how to configure the [Ingress Application Load Balancer (ALB)](https://cloud.ibm.com/docs/containers?topic=containers-ingress-about) In this blog post I show how to configure the [Ingress Application Load Balancer (ALB)](https://cloud.ibm.com/docs/containers?topic=containers-ingress-about)
@ -242,7 +243,8 @@ You use the certificates and the keys provided to you for the ingress gateway an
privateKey: /etc/istio/ingressgateway-certs/tls.key privateKey: /etc/istio/ingressgateway-certs/tls.key
caCertificates: /etc/istio/ingressgateway-ca-certs/trustid-x3-root.pem caCertificates: /etc/istio/ingressgateway-ca-certs/trustid-x3-root.pem
hosts: hosts:
- "*" - "$INGRESS_GATEWAY_DOMAIN"
- "httpbin.$ALB_INGRESS_DOMAIN"
EOF EOF
{{< /text >}} {{< /text >}}
@ -256,7 +258,8 @@ You use the certificates and the keys provided to you for the ingress gateway an
name: default-ingress name: default-ingress
spec: spec:
hosts: hosts:
- "*" - "$INGRESS_GATEWAY_DOMAIN"
- "httpbin.$ALB_INGRESS_DOMAIN"
gateways: gateways:
- default-ingress-gateway - default-ingress-gateway
http: http:
@ -319,7 +322,7 @@ the `alb-certs` secret, required for mutual TLS.
name: alb-ingress name: alb-ingress
namespace: istio-system namespace: istio-system
annotations: annotations:
ingress.bluemix.net/ssl-services: "ssl-service=istio-ingressgateway ssl-secret=alb-certs" ingress.bluemix.net/ssl-services: "ssl-service=istio-ingressgateway ssl-secret=alb-certs proxy-ssl-name=$INGRESS_GATEWAY_DOMAIN"
spec: spec:
tls: tls:
- hosts: - hosts:
@ -367,8 +370,6 @@ Istio ingress gateway.
$ kubectl delete ingress alb-ingress -n istio-system $ kubectl delete ingress alb-ingress -n istio-system
$ kubectl delete virtualservice default-ingress -n httptools $ kubectl delete virtualservice default-ingress -n httptools
$ kubectl delete gateway default-ingress-gateway -n httptools $ kubectl delete gateway default-ingress-gateway -n httptools
$ kubectl delete policy default -n httptools --ignore-not-found=true
$ kubectl delete destinationrule default -n httptools
$ kubectl delete secrets istio-ingressgateway-certs istio-ingressgateway-ca-certs alb-certs -n istio-system $ kubectl delete secrets istio-ingressgateway-certs istio-ingressgateway-ca-certs alb-certs -n istio-system
$ rm -rf ingress_gateway_certs alb_certs trustid-x3-root.pem trusted.crt $ rm -rf ingress_gateway_certs alb_certs trustid-x3-root.pem trusted.crt
$ unset CLUSTER_NAME ALB_INGRESS_DOMAIN ALB_SECRET INGRESS_GATEWAY_DOMAIN INGRESS_GATEWAY_SECRET $ unset CLUSTER_NAME ALB_INGRESS_DOMAIN ALB_SECRET INGRESS_GATEWAY_DOMAIN INGRESS_GATEWAY_SECRET