istio网关配置ssl证书开启443端口访问

2023年3月2日 61点热度 0人点赞 0条评论

istio网关配置ssl证书开启443端口访问

生成ssl证书

以配置访问rancher为例子

export DOMAIN_NAME=janrs.com

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -subj '/O=$DOMAIN_NAME Inc./CN=$DOMAIN_NAME' -keyout $DOMAIN_NAME.key -out $DOMAIN_NAME.crt

openssl req -out rancher.$DOMAIN_NAME.csr -newkey rsa:2048 -nodes -keyout rancher.$DOMAIN_NAME.key -subj "/CN=rancher.$DOMAIN_NAME/O=rancher world from $DOMAIN_NAME"
openssl x509 -req -days 365 -CA $DOMAIN_NAME.crt -CAkey $DOMAIN_NAME.key -set_serial 0 -in rancher.$DOMAIN_NAME.csr -out rancher.$DOMAIN_NAME.crt

kubectl create secret tls istio-ingressgateway-certs -n istio-system --key rancher.$DOMAIN_NAME.key --cert rancher.$DOMAIN_NAME.crt

创建istio网关

# gateway
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: janrs
  namespace: cattle-system
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 443
        name: https
        protocol: HTTPS
      hosts:
        - "*"
      tls:
        mode: SIMPLE
        credentialName: janrs-credential
---
# virtual service
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: janrs
  namespace: cattle-system
spec:
  hosts:
    - "www.janrs.com"
  gateways:
    - janrs
  http:
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            port:
              number: 80
            host: janrs

本作品采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可