Service Mesh (ASM) supports accessing services over HTTPS through an ASM ingress gateway. To enable HTTPS access, configure Transport Layer Security (TLS) termination on the access path by specifying a certificate. With TLS termination, encrypted HTTPS requests are decrypted and forwarded to backend service pods over HTTP.
Configure methods for accessing the backend services of an ASM ingress gateway over HTTPS
The following figure shows the HTTPS access path to a backend service of an ASM ingress gateway.
You can use the following methods to access backend services of an ASM ingress gateway over HTTPS:
|
Method |
Description |
References |
|
Configure TLS termination on an ASM ingress gateway |
Recommended. Configure a certificate for the ASM ingress gateway. The gateway decrypts HTTPS requests and forwards HTTP requests to backend services. With this method, you manage the gateway certificate in the ASM console. |
|
|
Configure TLS termination on a Classic Load Balancer (CLB) instance |
If a CLB instance is created for an ASM ingress gateway, bind a certificate to the instance and create an HTTPS listener to access backend services. The CLB instance decrypts HTTPS requests and sends HTTP requests to the ASM ingress gateway. This method requires managing the certificate in the CLB console and enabling HTTP access in the ASM console. |
|
|
Configure TLS termination on backend services |
If TLS termination is configured on backend services, enable TLS pass-through on the ASM ingress gateway to forward HTTPS requests directly to the backend services. With this method, backend services accept and decrypt HTTPS requests and manage the corresponding certificate. |