istio网关配置ssl证书开启443端口访问
生成ssl证书
以配置访问 rancher 为例
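# Lab setup: a self-signed root CA signs a server certificate for
# rancher.$DOMAIN_NAME, and the result is stored as a TLS secret that the
# Istio ingress gateway serves on port 443. Clients trust the site only if
# they trust this private CA, so use a certificate from a real CA for
# anything public-facing.
export DOMAIN_NAME=janrs.com

# 1. Root CA certificate and key.
#    The subject is double-quoted so $DOMAIN_NAME is expanded; inside single
#    quotes the literal text "$DOMAIN_NAME" would end up in the certificate.
#    -nodes leaves the CA key unencrypted on disk: whoever can read
#    $DOMAIN_NAME.key can issue certificates this CA's clients will accept.
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
  -subj "/O=$DOMAIN_NAME Inc./CN=$DOMAIN_NAME" \
  -keyout "$DOMAIN_NAME.key" -out "$DOMAIN_NAME.crt"

# 2. Private key and certificate signing request for the server name.
openssl req -out "rancher.$DOMAIN_NAME.csr" -newkey rsa:2048 -nodes \
  -keyout "rancher.$DOMAIN_NAME.key" \
  -subj "/CN=rancher.$DOMAIN_NAME/O=rancher world from $DOMAIN_NAME"

# 3. Sign the CSR with the CA.
#    Browsers and most TLS libraries verify the hostname against
#    subjectAltName and ignore CN, so the name is added as a SAN through an
#    extension file. -CAcreateserial gives each certificate its own serial
#    number instead of the fixed, non-positive serial 0.
printf 'subjectAltName=DNS:rancher.%s\n' "$DOMAIN_NAME" > "rancher.$DOMAIN_NAME.ext"
openssl x509 -req -days 365 \
  -CA "$DOMAIN_NAME.crt" -CAkey "$DOMAIN_NAME.key" -CAcreateserial \
  -extfile "rancher.$DOMAIN_NAME.ext" \
  -in "rancher.$DOMAIN_NAME.csr" -out "rancher.$DOMAIN_NAME.crt"

# 4. Store key and certificate as a TLS secret for the ingress gateway.
#    The secret name has to equal the Gateway's tls.credentialName
#    (janrs-credential), and it must live in the namespace where the ingress
#    gateway runs (istio-system); otherwise the gateway has no certificate to
#    present on 443.
kubectl create secret tls janrs-credential -n istio-system \
  --key "rancher.$DOMAIN_NAME.key" --cert "rancher.$DOMAIN_NAME.crt"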
创建istio网关
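# gateway
# Terminates TLS on port 443 at the Istio ingress gateway.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: janrs
  namespace: cattle-system
spec:
  # Binds this Gateway to the pods labelled istio=ingressgateway.
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    # "*" accepts every hostname on 443. Listing only the names the
    # certificate covers keeps unrelated hosts from being served under it.
    hosts:
    - "*"
    tls:
      # SIMPLE = standard one-way TLS; clients are not asked for a certificate.
      mode: SIMPLE
      # Must equal the name of a TLS secret in the namespace where the
      # ingress gateway runs (istio-system); the certificate and key are
      # loaded from that secret.
      credentialName: janrs-credential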
---
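# virtual service
# Routes requests that arrive through the "janrs" Gateway to the backend
# service.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: janrs
  namespace: cattle-system
spec:
  # NOTE(review): the certificate generated earlier on this page is issued to
  # rancher.janrs.com, not www.janrs.com; clients that verify the hostname
  # will reject the connection unless the certificate and this host agree.
  hosts:
  - "www.janrs.com"
  gateways:
  - janrs
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        # TLS ends at the gateway; this hop to the backend is port 80.
        # Presumably plain HTTP unless mesh mTLS is enabled - confirm.
        port:
          number: 80
        # Short service name, resolved in this VirtualService's namespace
        # (cattle-system).
        host: janrs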