By Xining Wang
Use ASM to Manage Knative Services (1): An Overview of Knative on ASM
Use ASM to Manage Knative Services (2): Use Knative on ASM to Deploy Serverless Applications
Use ASM to Manage Knative Services (3): Use Custom Domain in Knative on ASM
Use ASM to Manage Knative Services (4): Use ASM Gateway to Access Knative Services over HTTPS
Use ASM to Manage Knative Services (6): Auto Scaling Based on the Number of Traffic Requests
The ASM gateway supports HTTPS and allows you to dynamically load certificates. When you use Knative on ASM, you can use the ASM gateway to implement HTTPS access. This article will demonstrate how to use the ASM gateway to access Knative services over HTTPS.
A domain name is only accessible after it has obtained an Internet Content Provider (ICP) filing. In this example, aliyun.com is used to generate a certificate and private key and save them as Secret. If you have an available certificate and private key generated by aliyun.com, you need to rename the private key to aliyun.com.key and the certificate to aliyun.com.crt. If not, run the following openssl commands to create a certificate and private key.
1) Run the following command to create a root certificate and a private key:
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -subj '/O=myexample Inc./CN=aliyun.com' -keyout aliyun.root.key -out aliyun.root.crt2) Run the following command to generate a certificate and private key for the aliyun.com server:
openssl req -out aliyun.com.csr -newkey rsa:2048 -nodes -keyout aliyun.com.key -subj "/CN=aliyun.com/O=myexample organization"
openssl x509 -req -days 365 -CA aliyun.root.crt -CAkey aliyun.root.key -set_serial 0 -in aliyun.com.csr -out aliyun.com.crt3) In the KubeConfig environment of the cluster to which the ingress gateway pod belongs, run the following command to create a Secret that contains the certificate and private key in the istio-system namespace:
kubectl create -n istio-system secret tls myexample-credential --key=aliyun.com.key --cert=aliyun.com.crt1) Change the domainName field in the following content to the domain name you use (aliyun.com in this example) and credentialName to the Secret name created in the previous step (myexample-credential in this example). Save the file as default.yaml.
apiVersion: istio.alibabacloud.com/v1beta1
kind: ASMKnativeConfig
metadata:
name: default
spec:
enabled: true
useExisting: true
tag: 1.4.0
domainConfig:
domainName: aliyun.com
credentialName: myexample-credential2) Use kubectl to connect to the service mesh and execute the following command on the command line:
kubectl apply -f default.yaml1) Update the Hosts file and add the binding information of the new domain name to the Hosts file. The binding sample is listed below (replace xx.xx.xxx.xx with your gateway IP):
xx.xx.xxx.xx helloworld-go.default.aliyun.com2) Run the following command on the command line to access the HTTPS service through the certificate:
curl -k --cert aliyun.com.crt --key aliyun.com.key https://helloworld-go.default.aliyun.com
# Expected output:
# Hello Knative!3) Or directly visit https://helloworld-go.default.aliyun.com in the browser. (The browser may warn that the address is not safe. Don't worry. This is because we use a self-signed certificate.)
Use ASM to Manage Knative Services (3): Use Custom Domain in Knative on ASM
56 posts | 8 followers
FollowXi Ning Wang(王夕宁) - August 7, 2023
Xi Ning Wang(王夕宁) - August 7, 2023
Xi Ning Wang(王夕宁) - August 7, 2023
Xi Ning Wang(王夕宁) - August 7, 2023
Xi Ning Wang(王夕宁) - August 7, 2023
Alibaba Container Service - September 14, 2022
56 posts | 8 followers
Follow
Alibaba Cloud Service Mesh
Alibaba Cloud Service Mesh (ASM) is a fully managed service mesh platform that is compatible with Istio.
Learn More
Function Compute
Alibaba Cloud Function Compute is a fully-managed event-driven compute service. It allows you to focus on writing and uploading code without the need to manage infrastructure such as servers.
Learn More
Container Service for Kubernetes
Alibaba Cloud Container Service for Kubernetes is a fully managed cloud container management service that supports native Kubernetes and integrates with other Alibaba Cloud products.
Learn More
Elastic Desktop Service
A convenient and secure cloud-based Desktop-as-a-Service (DaaS) solution
Learn MoreMore Posts by Xi Ning Wang(王夕宁)