Define a custom egress gateway service

Procedure

1. Log on to the ASM console.
2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
4. On the details page of the ASM instance, click ASM Gateways in the left-side navigation pane. On the ASM Gateways page, click Create from YAML.
5. On the Create page, select istio-system from the Namespace drop-down list and copy the following content to the code editor. Then, click Create.
   Note Custom egress gateway services must be deployed in the istio-system namespace. This way, when you start a custom egress gateway service, the configurations of the custom egress gateway service can be obtained to ensure a successful startup. If you deploy a custom egress gateway service in another namespace, the custom egress gateway service is unavailable in Istio 1.6 or later.

   apiVersion: istio.alibabacloud.com/v1beta1
   kind: IstioGateway
   metadata:
     name: egressgateway
     namespace: istio-system
   spec:
     ports:
       - name: http2
         port: 80
         targetPort: 80
       - name: http-sw
         port: 11800
         targetPort: 11800
       - name: https
         port: 443
         targetPort: 443
       - name: tls
         port: 15443
         targetPort: 15443
   # - name: config-volume-lua
   #  configMapName: lua-libs
   #  mountPath: /var/lib/lua
   # secretVolumes:
   # - name: myexample-customingressgateway-certs
   #   secretName: istio-myexample-customingressgateway-certs
   #   mountPath: /etc/istio/myexample-customingressgateway-certs  
     replicaCount: 1
     resources:
       limits:
         cpu: '2'
         memory: 2G
       requests:
         cpu: 200m
         memory: 256Mi
     runAsRoot: false
     serviceType: ClusterIP
     hostNetwork: true
     dnsPolicy: "ClusterFirstWithHostNet"

   Table 1. Parameters

   Parameter	Description	Default value
   metadata.name	The name of the egress gateway service. The generated Kubernetes service and deployment are both named istio-{The value of the metadata.name parameter}.	N/A
   metadata.namespace	The namespace of the generated Kubernetes service and deployment. Notice To ensure that the generated Kubernetes service and deployment are available in Istio 1.6 and later, the namespace must be istio-system.	istio-system
   clusterIds	The IDs of the clusters in which you want to deploy the egress gateway service. The value is an array. The clusters must be managed in the current ASM instance.	N/A
   cpu.targetAverageUtilization	The maximum CPU utilization that is supported by Horizontal Pod Autoscaler (HPA).	80
   env	The environment variables of the pod of the egress gateway service. The value is an array.	N/A
   ports	The ports that are defined for the pod of the egress gateway service. The value is an array. Example: name: status-port port: 15020 targetPort: 15020 name: http2 port: 80 targetPort: 80 name: https port: 443 targetPort: 0 name: tls port: 15443 targetPort: 15443	N/A
   replicaCount	The number of replicas.	1
   resources	The resource configurations of the pod of the egress gateway service.	limits: cpu: '2' memory: 2G requests: cpu: 200m memory: 256Mi
   configVolumes	The information about the ConfigMap volume that is mounted to the pod of the egress gateway service. Example: - name: config-volume-lua configMapName: lua-libs mountPath: /var/lib/lua	N/A
   secretVolumes	The information about the secret volume that is mounted to the pod of the egress gateway service. Example: - name: myexample-customingressgateway-c secretName: istio-myexample-customingressgateway-certs mountPath: /etc/istio/myexample-customingressgateway-certs	N/A
   serviceType	The type of the egress gateway service. Valid values: LoadBalancer, Nodeport, and ClusterIP.	ClusterIP
   serviceAnnotations	The annotations of the egress gateway service. Example: service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet.	N/A
   serviceLabels	The labels of the egress gateway service.	N/A
   podAnnotations	The annotations of the pod of the egress gateway service.	N/A
   rollingMaxSurge	The maximum number of pods that are scheduled above the expected number of replicas during a rolling upgrade. The value can be an absolute value or a percentage.	"100%"
   rollingMaxUnavailable	The maximum number of unavailable pods during a rolling upgrade. The value can be an absolute value or a percentage.	"25%"
   overrides	Configures distinct settings for specific clusters. This parameter is available when the clusterIds parameter specifies two or more clusters. You can use this parameter when you want to configure specific clusters with settings that are different from the preceding cluster settings. The value is of the MAP type that contains key-value pairs. Note key: a cluster ID that is specified in the clusterIds parameter. value: assignments of the serviceAnnotations, resources, and replicaCount parameters.	N/A
   hostNetwork	Specifies whether to allow the pod of the egress gateway service to access the network namespace of the host. If you set the hostNetwork parameter to true, the pod of the egress gateway service is allowed to access the network namespace of the host.	false
   dnsPolicy	The Domain Name System (DNS) policy set for the pod of the egress gateway service. For more information about DNS policies, see DNS for Services and Pods.	ClusterFirst

Verify the result

After you deploy the custom egress gateway service, you can view the details of the custom egress gateway service and its pod information in the ACK console.

View the details of the custom egress gateway service

1. Log on to the ACK console.
2. In the left-side navigation pane of the ACK console, click Clusters.
3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
4. In the left-side navigation pane of the details page, choose Network > Services
5. At the top of the Services page, select istio-system from the Namespace drop-down list. You can view the details of the custom egress gateway service in the service list.

View the pod information about the custom egress gateway service

1. Log on to the ACK console.
2. In the left-side navigation pane of the ACK console, click Clusters.
3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
4. In the left-side navigation pane of the details page, choose Workloads > Pods.
5. At the top of the Pods page, select istio-system from the Namespace drop-down list. You can view the pod information about the custom egress gateway service in the pod list.