Gateways Management

Intro

Resources

• Install IngressGateway Define method to install IngressGateway on k8s/ocp
• Configure Gateway as Ingress (Tier2) Defines destination host for traffic entering the mesh and traffic routing policies (north-south)
• Install Tier1Gateway Define method to install Tier1Gateway on k8s/ocp
• Configure Gateway as Tier1 Defines way to configure workload to act as a gateway that distributes traffic across one or more ingress gateways

install.tetrate.io

• CRD: Install Gateways

tsb/gateway/v2

• GatewayGroup
• Gateway
• EgressGateway

Install IngressGateway

Sample

sample/gateway-management/installingressgateway.yaml

apiVersion: install.tetrate.io/v1alpha1
kind: IngressGateway
metadata:
  name: bookinfo-ingressgateway
  namespace: bookinfo
spec:
  kubeSpec:
    service:
      type: LoadBalancer

Details

• using kubectl or oc to create IngressGateway deployment

Configure Gateway as Ingress (Tier2)

Sample

sample/gateway-management/ingressgateway.yaml

apiVersion: gateway.tsb.tetrate.io/v2
kind: Gateway
metadata:
  organization: tsbdemo
  tenant: bookinfo
  workspace: bookinfo-workspace
  group: bookinfo-gatewaygroup
  name: bookinfo-ingress
spec:
  workloadSelector:
    namespace: bookinfo
    labels:
      app: bookinfo-gateway
  http:
  - name: bookinfo-plaintext
    port: 80
    hostname: bookinfo.tetrate.com
    routing:
      rules:
      - redirect:
          authority: bookinfo.tetrate.com
          port: 443
          redirectCode: 301
          scheme: https
  - name: bookinfo-secure
    port: 443
    hostname: bookinfo.tetrate.com
    tls:
      mode: SIMPLE
      secretName: bookinfo-cert
    routing:
      rules:
      - route:
          serviceDestination:
            host: ns1/productpage.ns1.svc.cluster.local
            port: 9080

Fields

Interpretations of fields in the sample

• workloadSelector: gateway with app: bookinfo-gateway label will be the edge proxy.
• http: application type.
• routing: rules for traffic flows.
• tls: tls mode and location of certs if required.
• serviceDestination: destination service for traffic entering the mesh.

Install Tier1Gateway

Sample

sample/gateway-management/installtier1gateway.yaml

apiVersion: install.tetrate.io/v1alpha1
kind: Tier1Gateway
metadata:
  name: bookinfo-tier1-gateway
  namespace: tier1
spec:
  kubeSpec:
    service:
      type: LoadBalancer

Details

• using kubectl or oc to create Tier1Gateway deployment

Configure Gateway as Tier1

Sample

sample/gateway-management/ingressgateway.yaml

apiVersion: gateway.tsb.tetrate.io/v2
kind: Gateway
metadata:
  organization: tsbdemo
  tenant: bookinfo
  workspace: bookinfo-workspace
  group: bookinfo-tier1-gatewaygroup
  name: bookinfo-tier1
spec:
  workloadSelector:
    namespace: tier1
    labels:
      app: bookinfo-tier1-gateway
  http:
  - name: bookinfo-plaintext
    port: 80
    hostname: bookinfo.tetrate.com
    routing:
      rules:
      - redirect:
          authority: bookinfo.tetrate.com
          port: 443
          redirectCode: 301
          scheme: https
  - name: bookinfo-secure
    port: 443
    hostname: bookinfo.tetrate.com
    tls:
      mode: SIMPLE
      secretName: bookinfo-cert
    routing:
      rules:
      - route:
          clusterDestination:
          - name: c1
            weight: 90
          - name: c2
            weight: 10

Fields

Interpretations of fields in the sample

• workloadSelector: gateway with app: bookinfo-gateway label will be the edge proxy.
• http: application type.
• routing: rules for traffic flows.
• tls: tls mode and location of certs if required.
• clusterDestination: The destination clusters that contain ingress gateways exposing the hostname.