Alibaba Cloud Service Mesh: Description of ASMCredential fields

Last Updated: Jan 05, 2024

ASMCredential defines the Transport Layer Security (TLS) certificates or keys used in Service Mesh (ASM) gateways. ASMCredential can be used together with Istio gateways to implement TLS termination on ASM gateways. After you create an ASMCredential CustomResourceDefinition (CRD), you can reference it in the credentialName field of an Istio gateway.

Usage notes

After an ASMCredential CRD is created, ASM creates secrets in clusters on both the control plane and the data plane. Make sure that the secrets do not conflict with the existing secrets. Otherwise, the existing secrets with the same name may be overwritten.

Configuration example

The following code block shows an ASMCredential CRD that can be used to implement TLS termination on a gateway:

apiVersion: istio.alibabacloud.com/v1beta1
kind: ASMCredential
metadata:
  name: aliyun.com
  namespace: istio-system
spec:
  cert: |-
    -----BEGIN CERTIFICATE-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END CERTIFICATE-----
  key: |-
    -----BEGIN PRIVATE KEY-----
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    -----END PRIVATE KEY-----
  type: tls

CRD fields

Spec

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| type | string | Yes | The type of the certificate. You must set it to tls or mtls. |
| cert | string | Yes | The public key certificate in the PEM format. |
| key | string | Yes | The private key in the PEM format. |
| caCert | string | No | The CA certificate in the PEM format that is used to authenticate the client identity in mutual TLS (mTLS). If the type field is set to mtls, caCert is required. |

Note

As of ASM version 1.19, you can specify Base64-encoded PEM certificates or private keys for the cert, key, and caCert fields.
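
The field rules above, written as a pre-apply check on a parsed spec. This is an added example, not code from Alibaba Cloud or ASM; the function names and the allow_base64 switch are hypothetical. It inspects PEM framing and labels only, so it catches a private key pasted into cert or a missing caCert, but it does not parse the certificate or confirm that the key matches it.

```python
import base64
import binascii
import re

# RFC 7468 framing: BEGIN and END lines must carry the same label.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s.*?-----END \1-----", re.S)

# Constructed sample values: correct framing, bodies are not real key material.
CERT = "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----"
KEY = "-----BEGIN PRIVATE KEY-----\nQUJD\n-----END PRIVATE KEY-----"


def pem_labels(value, allow_base64=True):
    """Return the labels of the PEM blocks in value, unwrapping Base64 if allowed."""
    text = (value or "").strip()
    if allow_base64 and text and not text.startswith("-----BEGIN"):
        try:
            # Encoders often wrap lines, so drop whitespace before strict decoding.
            text = base64.b64decode("".join(text.split()), validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            return []
    return [m.group(1) for m in PEM_RE.finditer(text)]


def only_certs(value, allow_base64):
    """True if value holds at least one PEM block and all are CERTIFICATE."""
    labels = pem_labels(value, allow_base64)
    return bool(labels) and all(label == "CERTIFICATE" for label in labels)


def validate_spec(spec, allow_base64=True):
    """Check a parsed ASMCredential spec (dict); return a list of error strings.

    Pass allow_base64=False for meshes older than ASM 1.19.
    """
    errors = []
    if spec.get("type") not in ("tls", "mtls"):
        errors.append("type must be tls or mtls")
    if not only_certs(spec.get("cert"), allow_base64):
        errors.append("cert must contain only PEM CERTIFICATE blocks")
    key_labels = pem_labels(spec.get("key"), allow_base64)
    if len(key_labels) != 1 or not key_labels[0].endswith("PRIVATE KEY"):
        errors.append("key must be exactly one PEM private key")
    ca_cert = spec.get("caCert")
    if spec.get("type") == "mtls" and not ca_cert:
        errors.append("caCert is required when type is mtls")
    if ca_cert and not only_certs(ca_cert, allow_base64):
        errors.append("caCert must contain only PEM CERTIFICATE blocks")
    return errors
```
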

References

For more information about how to manage certificates in the ASM console, see Use the certificate management feature of ASM.