vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/asm/umn/asm_01_0056.html
Dong, Qiu Jian e743e7f7b8 ASM UMN update 20241012 
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2024-10-18 07:32:37 +00:00

42 lines
9.1 KiB
HTML
Raw Permalink Blame History

<a name="asm_01_0056"></a><a name="asm_01_0056"></a>
<h1 class="topictitle1">Adding a Gateway</h1>
<div id="body0000001168400365"><p id="asm_01_0056__p1321231184215">A gateway enables unified entry, traffic management, security, and service isolation.</p>
<div class="section" id="asm_01_0056__section141144268498"><h4 class="sectiontitle">Prerequisites</h4><p id="asm_01_0056__p119641350155219">Gateways use load balancers of ELB to provide network access. Before adding a gateway, you need to create a load balancer.</p>
<p id="asm_01_0056__p113671654155016">When creating a load balancer, you need to ensure that it belongs to the same VPC as the cluster.</p>
</div>
<div class="section" id="asm_01_0056__section15169750114920"><h4 class="sectiontitle">Procedure</h4><ol id="asm_01_0056__ol4817103154612"><li id="asm_01_0056__li1433614120526"><span>Log in to the ASM console and click the name of the target service mesh to go to its details page.</span></li><li id="asm_01_0056__li218910061117"><span>In the navigation pane on the left, choose <strong id="asm_01_0056__b766458229102515">Gateway Management</strong> and click <strong id="asm_01_0056__b966014901102515">Add Gateway</strong>.</span></li><li id="asm_01_0056__li65921447162912"><span>Configure the following parameters.</span><p><ul id="asm_01_0056__ul1359211474297"><li id="asm_01_0056__li139001750192815"><strong id="asm_01_0056__b3657180102915">Gateway Name</strong><p id="asm_01_0056__p15441558132814">Enter a gateway name. Enter 4 to 59 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.</p>
</li><li id="asm_01_0056__li205096299321"><strong id="asm_01_0056__b1576717357329">Cluster</strong><p id="asm_01_0056__p1719143716324">Select the cluster to which the gateway belongs.</p>
</li><li id="asm_01_0056__li1627847173510"><strong id="asm_01_0056__b72023510139">Load Balancer</strong><ul id="asm_01_0056__ul198721433124110"><li id="asm_01_0056__li1373914385357">Gateways use shared and dedicated load balancers of ELB for the access over both public and private IPv4 networks.</li></ul>
</li><li id="asm_01_0056__li137621212344"><strong id="asm_01_0056__b196012994813">Access Entry</strong><p id="asm_01_0056__p103982038193113">Gateways configure a listener for the load balancer, which listens to requests from the load balancer and distributes traffic.</p>
<ul id="asm_01_0056__ul1776173623113"><li id="asm_01_0056__li196722183918"><strong id="asm_01_0056__b1876120366312">External Protocol</strong><p id="asm_01_0056__p12761163618313">Select one to match the protocol type of your service. <strong id="asm_01_0056__b1196471084102515">HTTP</strong>, <strong id="asm_01_0056__b727748035102515">gRPC</strong>, <strong id="asm_01_0056__b2109712016102515">TCP</strong>, <strong id="asm_01_0056__b807938525102515">TLS</strong>, and <strong id="asm_01_0056__b1914909991102515">HTTPS</strong> are supported.</p>
</li><li id="asm_01_0056__li776153618311"><strong id="asm_01_0056__b15761136173112">External Port</strong><p id="asm_01_0056__p17761036193110">Enter the port number exposed in the Load Balancer Service address. The port number can be specified randomly.</p>
</li><li id="asm_01_0056__li10761203617318"><strong id="asm_01_0056__b2076153618317">TLS Termination</strong><p id="asm_01_0056__p894180479">If <strong id="asm_01_0056__b1792295615209">External Protocol</strong> is <strong id="asm_01_0056__b1068528152117">HTTPS</strong>, <strong id="asm_01_0056__b1655716263218">TLS Termination</strong> is enabled and cannot be disabled.</p>
<p id="asm_01_0056__p19924132318564">If <strong id="asm_01_0056__b177679371212">External Protocol</strong> is <strong id="asm_01_0056__b3767173722110">TLS</strong>, you can enable or disable <strong id="asm_01_0056__b16767173718211">TLS Termination</strong>. If you enable TLS termination, bind a certificate to support TLS-based data transmission encryption and authentication. If you disable TLS termination, encrypted TLS data will be directly forwarded. </p>
</li><li id="asm_01_0056__li57615366313"><strong id="asm_01_0056__b676114361312">Secret Certificate</strong><ul id="asm_01_0056__ul17984193594512"><li id="asm_01_0056__li1951811337458">When configuring a TLS protocol with TLS termination enabled, you need to bind a certificate to support TLS-based data transmission encryption and authentication.</li><li id="asm_01_0056__li714953811459">When configuring the HTTPS protocol, you need to bind a secret certificate.</li></ul>
</li><li id="asm_01_0056__li185755272428"><strong id="asm_01_0056__b33038550462">Earliest TLS Version Supported/Latest TLS Version Supported</strong><p id="asm_01_0056__p16437125165612">When configuring a TLS protocol with TLS termination enabled or an HTTPS protocol, you can select the earliest and latest TLS versions.</p>
</li></ul>
</li></ul>
</p></li><li id="asm_01_0056__li35552319193"><span>(Optional) Configure routing parameters.</span><p><p id="asm_01_0056__p350315261000">When the access address of a request matches the forwarding policy (which consists of a domain name and URL. If the domain name is left empty, the ELB IP address is used by default), the request is forwarded to the corresponding target Service for processing. Click <span><img id="asm_01_0056__image3642183711263" src="en-us_image_0000001209954130.png"></span>. The <strong id="asm_01_0056__b28836919618">Add Route</strong> dialog box is displayed.</p>
<ul id="asm_01_0056__ul43052021171916"><li id="asm_01_0056__li103041421111912"><strong id="asm_01_0056__b20304152120193">Domain Name</strong><p id="asm_01_0056__p1330482114196">Enter the external domain name of the service. If this parameter is left blank, the IP address of the load balancer is used by default. If you enable TLS termination, enter a domain name configured in the certificate for SNI domain name verification.</p>
</li><li id="asm_01_0056__li1230512118195"><strong id="asm_01_0056__b3304192131916">URL Matching Rule</strong><ul id="asm_01_0056__ul43041021141915"><li id="asm_01_0056__li193041021111910"><strong id="asm_01_0056__b1640956582102515">Prefix</strong>: A URL can be accessed if its prefix is the same as that you configure. For example, <strong id="asm_01_0056__b1627472063102515">/healthz/v1</strong> and <strong id="asm_01_0056__b2009910935102515">/healthz/v2</strong>.</li><li id="asm_01_0056__li2304821181912"><strong id="asm_01_0056__b167861112172215">Exact</strong>: Only the URL that fully matches the values you set can be accessed. For example, if the URL is set to <strong id="asm_01_0056__b1296786758102515">/healthz</strong>, only <strong id="asm_01_0056__b1008928963102515">/healthz</strong> can be accessed.</li></ul>
</li><li id="asm_01_0056__li1305192141912"><strong id="asm_01_0056__b193051421101911">URL</strong><p id="asm_01_0056__p123051212194">Mapping URL supported by the service, for example, <strong id="asm_01_0056__b286376356102515">/example</strong>.</p>
</li><li id="asm_01_0056__li133056214197"><strong id="asm_01_0056__b130522112199">Namespace</strong><p id="asm_01_0056__p18305421111919">Select the namespace to which the gateway belongs.</p>
</li><li id="asm_01_0056__li33051621171912"><strong id="asm_01_0056__b11305121111916">Target Service</strong><p id="asm_01_0056__p134063347264">Service of the gateway. Select a value from the drop-down list box. The target service is filtered based on the corresponding gateway protocol. For details about the filtering rules, see <a href="asm_faq_0035.html">Why Cannot I Select the Corresponding Service When Adding a Route?</a></p>
<p id="asm_01_0056__p18216183513118">The service which configuration diagnosis fails cannot be selected. You need to fix the issues first. For details, see <a href="asm_01_0060.html">Manual Fixing Items</a> or <a href="asm_01_0065.html">Auto Fixing Items</a>.</p>
</li><li id="asm_01_0056__li10305621141916"><strong id="asm_01_0056__b5305121111910">Access Port</strong><p id="asm_01_0056__p9305182112191">Only ports that match external protocols are displayed.</p>
</li><li id="asm_01_0056__li8016197318"><strong id="asm_01_0056__b1986112519313">Rewrite</strong><p id="asm_01_0056__p42700201559">(This parameter is configurable when the external protocol is HTTP.)</p>
<p id="asm_01_0056__p149531923439">Rewrite the HTTP URI and host/authority header before forwarding. Disabled by default. To enable it, configure the following parameters:</p>
<ul id="asm_01_0056__ul147951020181917"><li id="asm_01_0056__li279572091910">URI: This value is used to rewrite the URI or prefix.</li><li id="asm_01_0056__li3390152618199">Host/Authority Header: This value is used to rewrite the HTTP host/authority header.</li></ul>
</li></ul>
</p></li><li id="asm_01_0056__li19910958562"><span>Click <span class="uicontrol" id="asm_01_0056__uicontrol169158519564"><b>OK</b></span>.</span><p><p id="asm_01_0056__p688514211217">You can obtain the external network access address of the service in the <strong id="asm_01_0056__b840925467102515">Service Management</strong> page.</p>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="asm_01_0033.html">Gateway Management</a></div>
</div>
</div>
View Git Blame Copy Permalink