Janrs.com | 杨建勇
Janrs.com | 杨建勇

istio网关配置ssl证书开启443端口访问

istio网关配置ssl证书开启443端口访问


生成ssl证书

以配置访问rancher为例子

export DOMAIN_NAME=janrs.com

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -subj '/O=$DOMAIN_NAME Inc./CN=$DOMAIN_NAME' -keyout $DOMAIN_NAME.key -out $DOMAIN_NAME.crt

openssl req -out rancher.$DOMAIN_NAME.csr -newkey rsa:2048 -nodes -keyout rancher.$DOMAIN_NAME.key -subj "/CN=rancher.$DOMAIN_NAME/O=rancher world from $DOMAIN_NAME"
openssl x509 -req -days 365 -CA $DOMAIN_NAME.crt -CAkey $DOMAIN_NAME.key -set_serial 0 -in rancher.$DOMAIN_NAME.csr -out rancher.$DOMAIN_NAME.crt

kubectl create secret tls istio-ingressgateway-certs -n istio-system --key rancher.$DOMAIN_NAME.key --cert rancher.$DOMAIN_NAME.crt

创建istio网关

# gateway
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: janrs
  namespace: cattle-system
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 443
        name: https
        protocol: HTTPS
      hosts:
        - "*"
      tls:
        mode: SIMPLE
        credentialName: janrs-credential
---
# virtual service
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: janrs
  namespace: cattle-system
spec:
  hosts:
    - "www.janrs.com"
  gateways:
    - janrs
  http:
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            port:
              number: 80
            host: janrs
如果你有任何问题,欢迎在底部留言。或者点击加入微信技术交流群 | 我的GitHub

码仔

文章作者

Janrs.com

发表回复

textsms
account_circle
email

Janrs.com | 杨建勇

istio网关配置ssl证书开启443端口访问
istio网关配置ssl证书开启443端口访问 生成ssl证书 以配置访问rancher为例子 export DOMAIN_NAME=janrs.com openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -subj '…
扫描二维码继续阅读
2023-03-02