Manage Istio gateways - Alibaba Cloud Service Mesh - Alibaba Cloud Documentation Center

An Istio gateway defines a load balancer that runs at the edge of a Service Mesh (ASM) instance to receive inbound or outbound HTTP/TCP traffic. This topic describes how to create, modify, and delete an Istio gateway.

Prerequisites

An ASM instance is created. For more information, see Create an ASM instance.

Create an Istio gateway

Method 1: Create an Istio gateway by setting the parameters on the configuration GUI of the ASM console

Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Gateway. On the page that appears, click Create.
On the Create page, set the parameters and click Create.
The following figure provides a configuration example. For the descriptions of the configuration items, see Gateway.

Method 2: Use a YAML file to create an Istio gateway

Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Gateway. On the page that appears, click Create from YAML.

On the Create page, select the desired namespace from the Namespace drop-down list, select the template that you want to use to create the Istio gateway from the Template drop-down list, modify the configurations of the Istio gateway in the YAML code editor, and then click Create.

The following YAML code provides an example of the configurations of the Istio gateway. This Istio gateway defines how to expose ports 80, 9080, 443, and 9443 on the gateway. This Istio gateway applies to pods that carry the istio: ingressgateway label. For more information, see Gateway.

Show the sample YAML code

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
  namespace: some-config-namespace
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - test1.com
    - test2.com
    tls:
      httpsRedirect: true
  - port:
      number: 443
      name: https-443
      protocol: HTTPS
    hosts:
    - uk.bookinfo.com
    - eu.bookinfo.com
    tls:
      mode: SIMPLE
      serverCertificate: /etc/certs/servercert.pem
      privateKey: /etc/certs/privatekey.pem
  - port:
      number: 9443
      name: https-9443
      protocol: HTTPS
    hosts:
    - "bookinfo-namespace/*.bookinfo.com"
    tls:
      mode: SIMPLE
      credentialName: bookinfo-secret
  - port:
      number: 9080
      name: http-wildcard
      protocol: HTTP
    hosts:
    - "*"

Related operations

After an Istio gateway is created, you can perform the following operations in the Actions column on the Gateway page:

View or modify the YAML code: Find the desired Istio gateway and click YAML. In the Edit dialog box, modify the configurations of the Istio gateway based on your business requirements and click OK.
Manage the version: Find the desired Istio gateway and click Version. In the Version dialog box, click Rollback. For more information, see Roll back an Istio resource to an earlier version.
Delete the Istio gateway: Find the desired Istio gateway and click Delete. In the Submit message, click OK.
Important
After you delete an Istio gateway, the corresponding traffic routing rules no longer work. As a result, services may be inaccessible. Exercise caution when you perform this operation.