My team has a C# project that is deployed with k8s. We had a task to migrate it to the corporate Istio using a certificate, a gateway and a virtual service, but without a service mesh.
If you have a similar task, here are my recommendations:
- Create a file with a certificate:

```yaml
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  labels:
    istio-certificate: "true" # must be "true" if the certificate is used with a Gateway object
    app.kubernetes.io/managed-by: {{ .Release.Service }}
  name: {{ .Values.environment.servicename }}
spec:
  dnsNames:
    - {{ .Values.service.name }}.{{ .Release.Namespace }}.{{ .Values.environment.cluster }}
  issuerRef:
    kind: ClusterIssuer
    name: certificates-issuer
  secretName: {{ .Values.environment.servicename }} # the secretName should be equal to the certificate name
```

If you want to learn more about Certificate resources, the cert-manager documentation covers them well.
The second step is to add a Gateway description.
The Istio Gateway describes the ports and protocols that will be used. Its `credentialName` refers to the secret created by the Certificate above. More information is available in the Istio documentation.

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: {{ .Values.service.name }}
spec:
  selector:
    company/istio-ingressgateway: common
  servers:
    - port:
        number: 443
        name: https
        protocol: HTTPS
      tls:
        mode: SIMPLE
        credentialName: {{ .Values.environment.servicename }}
      hosts:
        - {{ .Values.service.name }}.{{ .Release.Namespace }}.{{ .Values.environment.cluster }} # use a correct hostname for your namespace
```

An Istio VirtualService describes routing: you specify the hosts, ports and other settings. The full documentation is available in the Istio docs.

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: {{ .Values.service.name }}
spec:
  hosts:
    - {{ .Values.service.name }}.{{ .Release.Namespace }}.{{ .Values.environment.cluster }}
  gateways:
    - {{ .Values.service.name }} # join the virtualService with the gateway
  http:
    - name: "default"
      route:
        - destination:
            port:
              number: {{ .Values.environment.serviceport }}
            host: {{ .Values.environment.servicename }}-service
```
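
The three objects only work together when their names and hosts line up, so here is a consistency check for them, as an added example that is not part of the original post. The function name, the sample values (`orders`, `orders-api`, `shop`, `cluster.example`) and the exact-string host comparison (no wildcards, all objects in one namespace) are assumptions.

```python
import json, sys

def check_tls_wiring(objs):
    """Return a list of mismatches between Certificate, Gateway and VirtualService objects."""
    problems, certs, gateways = [], {}, {}
    for c in (o for o in objs if o["kind"] == "Certificate"):
        certs[c["spec"]["secretName"]] = set(c["spec"].get("dnsNames", []))
        if c["metadata"].get("labels", {}).get("istio-certificate") != "true":
            problems.append(f"Certificate {c['metadata']['name']}: label istio-certificate is not 'true'")
    for gw in (o for o in objs if o["kind"] == "Gateway"):
        name = gw["metadata"]["name"]
        gateways[name] = set()
        for srv in gw["spec"].get("servers", []):
            hosts = set(srv.get("hosts", []))
            gateways[name] |= hosts
            cred = srv.get("tls", {}).get("credentialName")
            if cred is None:
                continue  # no credentialName on this server: nothing to cross-check
            if cred not in certs:
                problems.append(f"Gateway {name}: credentialName {cred!r} matches no Certificate secretName")
            else:  # every TLS host must be covered by the certificate
                problems += [f"Gateway {name}: host {h} missing from Certificate dnsNames"
                             for h in sorted(hosts - certs[cred])]
    for vs in (o for o in objs if o["kind"] == "VirtualService"):
        name, hosts = vs["metadata"]["name"], set(vs["spec"].get("hosts", []))
        for ref in vs["spec"].get("gateways", []):
            if ref not in gateways:
                problems.append(f"VirtualService {name}: unknown gateway {ref}")
            else:  # a host the Gateway does not list is never routed
                problems += [f"VirtualService {name}: host {h} not served by gateway {ref}"
                             for h in sorted(hosts - gateways[ref])]
    return problems

# Constructed sample: the templates above rendered with made-up values.
HOST = "orders.shop.cluster.example"
SAMPLE = [
    {"kind": "Certificate",
     "metadata": {"name": "orders-api", "labels": {"istio-certificate": "true"}},
     "spec": {"secretName": "orders-api", "dnsNames": [HOST]}},
    {"kind": "Gateway", "metadata": {"name": "orders"},
     "spec": {"servers": [{"port": {"number": 443, "name": "https", "protocol": "HTTPS"},
                           "tls": {"mode": "SIMPLE", "credentialName": "orders-api"},
                           "hosts": [HOST]}]}},
    {"kind": "VirtualService", "metadata": {"name": "orders"},
     "spec": {"hosts": [HOST], "gateways": ["orders"]}},
]

if __name__ == "__main__":  # stdin: a `kubectl get ... -o json` list of the three kinds
    print("\n".join(check_tls_wiring(json.load(sys.stdin)["items"])))
```

An empty result means the Certificate's secret, the Gateway's `credentialName` and the hosts on all three objects agree.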