Manage host and port configuration
Service Mesh Manager understands the Gateway CRs of Istio and the gateway’s service configuration in Kubernetes (with the help of the MeshGateway CR), so it can display information about ports, hosts, and protocols that are configured on a specific gateway.
1. Open the Service Mesh Manager web interface, and navigate to MENU > GATEWAYS.
2. From the list of gateways, click the gateway you want to monitor.
3. You can see the host and port configurations on the OVERVIEW tab, in the Ports & Hosts section.
The following information is shown about each entry point.
- GATEWAY NAME: The name of the gateway.
- GATEWAY NAMESPACE: The namespace the gateway belongs to.
- PORT: The list of open ports on the gateway.
- PROTOCOL: The protocols permitted on the gateway.
- HOSTS: The host selector that determines which hosts are accessible using the gateway.
- TLS: The TLS settings applying to the gateway.
- To modify an existing route, click the edit icon in its row, change the settings as needed, then click APPLY.
- To delete a route, click the delete icon in its row.
- To create a new entry point, click CREATE NEW.
Create new ingress entry point
You can set up a new entry point for your Istio ingress gateways, and Service Mesh Manager translates your configuration to declarative custom resources.
1. Navigate to MENU > GATEWAYS > <Gateway-to-modify> > OVERVIEW.
2. In the Ports & Hosts section, click CREATE NEW.
3. Set the parameters of the entry point. As a minimum, you must set the port number for the entry point, and the protocol (for example, HTTP, HTTPS, or GRPC) that is accepted at the entry point.
   Note: DNS resolution is not managed by Service Mesh Manager. Once you’ve configured ingress for a particular service, Service Mesh Manager will display the IP of the ingress gateway service. Do not forget to create the corresponding DNS records that point to this IP.
4. Click CREATE.
Gateway TLS settings
When setting up a service on a gateway with TLS, you need to configure a certificate for the host(s). You can do that by bringing your own certificate, storing it in a Kubernetes secret, and configuring it for a gateway server. This works for simple use cases, but involves many manual steps when obtaining or renewing a certificate. The Automatic Certificate Management Environment (ACME) protocol automates these interactions with the certificate provider.
ACME is most widely used with Let’s Encrypt and, in a Kubernetes environment, cert-manager. Service Mesh Manager helps you set up cert-manager, and you can quickly obtain a valid Let’s Encrypt certificate through the dashboard with a few clicks.
Note: For details on using your own domain name with Let’s Encrypt, see Using Let’s Encrypt with your own domain name.
To set TLS encryption for a gateway, complete the following steps.
1. Navigate to MENU > GATEWAYS > <Gateway-to-modify> > OVERVIEW.
2. In the Ports & Hosts section, click the edit icon in the row of the gateway you want to modify.
3. Set PORT PROTOCOL to HTTPS.
4. Decide how you want to provide the certificate for the gateway.
   - To use Let’s Encrypt, select USE LET’S ENCRYPT FOR TLS, then enter a valid email address into the CONTACT EMAIL field. The provided email address is used to notify you about expirations and to communicate about any issues specific to your account.
   - To use a custom certificate, upload a certificate as a Kubernetes secret, then set the name of the secret in the TLS SECRET NAME field. Note that currently you cannot upload the certificate from the Service Mesh Manager UI. Use regular Kubernetes tools instead.
5. Click CREATE.
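The PORT, PROTOCOL, HOSTS, and TLS columns described above map to fields of the Istio Gateway resource, so the same settings can be reviewed outside the dashboard. The following is an added example, not part of Service Mesh Manager: a small audit over a Gateway in the JSON form that `kubectl get gateway -o json` returns. The sample resource, its names, and the choice of checks are constructed for illustration.

```python
import json

# Constructed sample Gateway (names and hosts are placeholders).
SAMPLE = json.loads("""
{"metadata": {"name": "demo-gw", "namespace": "istio-system"},
 "spec": {"servers": [
   {"port": {"number": 80, "name": "http", "protocol": "HTTP"},
    "hosts": ["*"]},
   {"port": {"number": 443, "name": "https", "protocol": "HTTPS"},
    "hosts": ["shop.example.com"],
    "tls": {"mode": "SIMPLE", "credentialName": "shop-tls"}},
   {"port": {"number": 8443, "name": "https-admin", "protocol": "HTTPS"},
    "hosts": ["admin.example.com"],
    "tls": {"mode": "SIMPLE", "minProtocolVersion": "TLSV1_0"}}
 ]}}
""")

WEAK_TLS = {"TLSV1_0", "TLSV1_1"}

def audit_gateway(gw):
    """Return (port, finding) tuples for the servers of one Gateway."""
    findings = []
    for srv in gw.get("spec", {}).get("servers", []):
        port = srv["port"]["number"]
        proto = srv["port"].get("protocol", "").upper()
        tls = srv.get("tls") or {}
        # Hosts may be written as "namespace/host"; check the host part.
        if any(h.split("/")[-1] == "*" for h in srv.get("hosts", [])):
            findings.append((port, "wildcard host"))
        if proto == "HTTP" and not tls.get("httpsRedirect"):
            findings.append((port, "plaintext HTTP without httpsRedirect"))
        if proto in ("HTTPS", "TLS"):
            mode = tls.get("mode")
            if mode is None:
                findings.append((port, "HTTPS without tls settings"))
            # SIMPLE/MUTUAL terminate TLS at the gateway and need a certificate.
            elif mode in ("SIMPLE", "MUTUAL") and not (
                    tls.get("credentialName") or tls.get("serverCertificate")):
                findings.append((port, "no certificate reference"))
            if tls.get("minProtocolVersion") in WEAK_TLS:
                findings.append((port, "weak minProtocolVersion"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_gateway(SAMPLE):
        print(f"port {port}: {finding}")
```
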