istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[release-1.6] Specify hosts in ibm kubernetes ingress blog post (#7633) 

* add proxy_ssl-name directive

to the ingress.bluemix.net/ssl-services annotation to set the SNI of the
ingress gateway in the Kubernetes ingress

* specify the host names in Gateway and VirtualService

instead of '*'

* remove cleanup of unused constructs

* add last_update field

Co-authored-by: Vadim Eisenberg <vadime@il.ibm.com>
This commit is contained in:
Istio Automation 2020-06-26 11:43:23 -07:00 committed by GitHub
parent 5817c5b584
commit 6d077f8705
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
content/en/blog/2020/alb-ingress-gateway-iks/index.md
View File

@ -5,6 +5,7 @@ subtitle: Configure the IBM Cloud Kubernetes Service Application Load Balancer t
publishdate: 2020-05-15
attribution: Vadim Eisenberg (IBM)
keywords: [traffic-management,ingress,file-mount-credentials,iks]
last_update: 2020-06-23
---
In this blog post I show how to configure the [Ingress Application Load Balancer (ALB)](https://cloud.ibm.com/docs/containers?topic=containers-ingress-about)
@ -242,7 +243,8 @@ You use the certificates and the keys provided to you for the ingress gateway an
privateKey: /etc/istio/ingressgateway-certs/tls.key
caCertificates: /etc/istio/ingressgateway-ca-certs/trustid-x3-root.pem
hosts:
- "*"
- "$INGRESS_GATEWAY_DOMAIN"
- "httpbin.$ALB_INGRESS_DOMAIN"
EOF
{{< /text >}}
@ -256,7 +258,8 @@ You use the certificates and the keys provided to you for the ingress gateway an
name: default-ingress
spec:
hosts:
- "*"
- "$INGRESS_GATEWAY_DOMAIN"
- "httpbin.$ALB_INGRESS_DOMAIN"
gateways:
- default-ingress-gateway
http:
@ -319,7 +322,7 @@ the `alb-certs` secret, required for mutual TLS.
name: alb-ingress
namespace: istio-system
annotations:
ingress.bluemix.net/ssl-services: "ssl-service=istio-ingressgateway ssl-secret=alb-certs"
ingress.bluemix.net/ssl-services: "ssl-service=istio-ingressgateway ssl-secret=alb-certs proxy-ssl-name=$INGRESS_GATEWAY_DOMAIN"
spec:
tls:
- hosts:
@ -367,8 +370,6 @@ Istio ingress gateway.
$ kubectl delete ingress alb-ingress -n istio-system
$ kubectl delete virtualservice default-ingress -n httptools
$ kubectl delete gateway default-ingress-gateway -n httptools
$ kubectl delete policy default -n httptools --ignore-not-found=true
$ kubectl delete destinationrule default -n httptools
$ kubectl delete secrets istio-ingressgateway-certs istio-ingressgateway-ca-certs alb-certs -n istio-system
$ rm -rf ingress_gateway_certs alb_certs trustid-x3-root.pem trusted.crt
$ unset CLUSTER_NAME ALB_INGRESS_DOMAIN ALB_SECRET INGRESS_GATEWAY_DOMAIN INGRESS_GATEWAY_SECRET