Service Mesh (ASM) provides an egress gateway that routes all outbound traffic of applications in ASM. This topic describes how to create an egress gateway.
Prerequisites
A Container Service for Kubernetes (ACK) cluster is added to your ASM instance. For more information, see The cluster is added to the ASM instance.
Procedure
- Log on to the ASM console. In the left-side navigation pane, choose .
- On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose .
On the Egress Gateway page, click Create. On the Create page, configure parameters of the egress gateway.
The following table describes the parameters. You can also click Create from YAML on the Egress Gateway page to define an egress gateway. For more information, see Create and manage an egress gateway by using the Kubernetes API.
| Parameter | Description |
| --- | --- |
| Name | The name of the egress gateway. |
| Cluster | The cluster in which you want to deploy the egress gateway. |
| Port Mapping | The ports that services need to expose. You can click Add Port and specify a service port and protocol in the row that appears. Note: By default, two ports that are commonly used by Istio appear in the console. You can keep or remove the default ports or add ports as needed. |
| Resource Limits | The CPU and memory specifications for the pod of the egress gateway. |
| Gateway instances | The number of pod replicas for the egress gateway. |
Optional: Click Advanced Options and configure the parameters that are described in the following table.

| Parameter | Description |
| --- | --- |
| HPA | Specifies whether to enable the Horizontal Pod Autoscaler (HPA) feature. If you select HPA to enable this feature, configure the following parameters. metrics: Set the Monitoring items and Threshold parameters. If the metric value exceeds the specified threshold, the number of pod replicas increases for the egress gateway. If the metric value is below the specified threshold, the number of pod replicas decreases for the egress gateway. If you specify thresholds for CPU utilization and memory usage, both thresholds take effect. In this case, if the CPU utilization or memory usage exceeds or is below the specified threshold, the egress gateway is accordingly resized. Maximum replicas: the maximum number of pod replicas for the egress gateway. Minimum number of replicas: the minimum number of pod replicas for the egress gateway. Note: This feature is only available in Enterprise and Ultimate editions. |
| Rolling Upgrade | Specifies whether to enable the rolling update feature. If you select Rolling Upgrade to enable this feature, configure the following parameters. Maximum number of unavailable instances: the maximum number of pod replicas that can be unavailable during a rolling update. This ensures that a certain number of pods can provide services during the update. Exceeding the desired number of instances: the maximum number of pod replicas that can be created over the expected number of pod replicas during a rolling update. For example, if you set this parameter to 25%, the number of pod replicas during a rolling update cannot exceed 125% of the expected number of pod replicas. |
| Deploy ASM Gateway replicas as widely as possible | When podAntiAffinity is set for the egress gateway, gateway pods are preferentially deployed to different nodes. |
| Support two-way TLS authentication | If you select Support two-way TLS authentication, sidecars that are injected into service pods and the egress gateway authenticate each other by using TLS. This improves security. You can configure access policies for outbound traffic based on authorization policies and the identities verified by using mutual TLS. Important: Pods that do not have sidecars injected cannot access external services by using the egress gateway. |
Click Create.
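The identity-based outbound access policy that the Support two-way TLS authentication option makes possible, sketched as a standard Istio AuthorizationPolicy. This is an added example, not part of the original ASM documentation; the policy name, the gateway pod label, the service account, and the external host are constructed assumptions.

```yaml
# Added example with constructed values; adjust every name to your environment.
# Once an ALLOW policy is attached to a workload, any request that matches
# none of its rules is denied, so this also blocks all other callers and hosts.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: egress-allow-checkout          # hypothetical policy name
  namespace: istio-system              # namespace in which the page shows the gateway running
spec:
  selector:
    matchLabels:
      istio: egressgateway             # assumption: label carried by the egress gateway pods
  action: ALLOW
  rules:
  - from:
    - source:
        # Identity taken from the client sidecar's mutual TLS certificate.
        # Constructed service account "checkout" in namespace "payments".
        principals:
        - cluster.local/ns/payments/sa/checkout
    to:
    - operation:
        # Constructed external host; assumes HTTP traffic so that the
        # gateway can read the Host header of the request.
        hosts:
        - api.example.com
```

The source principal is only populated when the sidecar and the gateway authenticate each other with mutual TLS, which is why a policy of this kind depends on that option being selected.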
Related operations
View egress gateways in the ACK console
After an egress gateway is created, you can log on to the ACK console to view the basic information and pod information about the egress gateway.
View basic information about an egress gateway
Log on to the ACK console and click Clusters in the left-side navigation pane.
On the Clusters page, click the name of a cluster and choose in the left-side navigation pane.
In the upper part of the Services page, select istio-system from the Namespace drop-down list.
Find the service that you want to view, and click Details in the Actions column to view the details of the egress gateway.
View pod information about an egress gateway
In the left-side navigation pane of the Cluster Information page, choose .
In the upper part of the Pods page, select istio-system from the Namespace drop-down list.
Find the pod that you want to view, and click View Details in the Actions column to view the pod details of the egress gateway.
Manage egress gateways in the ASM console
After an egress gateway is created, you can log on to the ASM console to view, edit, or delete the egress gateway.
- Log on to the ASM console. In the left-side navigation pane, choose .
- On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose .
On the Egress Gateway page, modify egress gateways as needed.
| Operation | Description |
| --- | --- |
| View an egress gateway | Method 1: Find the egress gateway and click View Details. Method 2: Find the egress gateway and click YAML. |
| Modify an egress gateway | Method 1: Find the egress gateway and click View Details. On the Gateway Details page, click the icon next to the parameter that you want to modify, modify the parameter settings, and then click Submit. Method 2: Find the egress gateway and click YAML. In the Edit dialog box, modify the YAML configuration, and then click OK. |
| Delete an egress gateway | Find the egress gateway and click Delete. In the message that appears, click OK. Important: After an egress gateway is deleted, the internal services of the ASM instance cannot access external services by using the egress gateway. Exercise caution when you perform this operation. |