15.1-mtls-settings.yaml
##################################################
# Test Name: Enable TLS to an external endpoint
# Test Number: 15.1
# Test Description:
# - Turn on TLS to an external endpoint
##################################################
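# VirtualMesh that groups the istiod meshes of cluster1 and cluster2.
# Nesting restored: the page capture had flattened every key to column 0.
apiVersion: networking.mesh.gloo.solo.io/v1
kind: VirtualMesh
metadata:
  name: virtual-mesh
  namespace: gloo-mesh
spec:
  # Enable automatic federation of all services to all clusters.
  # The single empty selector `{}` is what makes this "all services"; use
  # narrower selectors if only some services should be reachable from the
  # other cluster.
  # NOTE(review): this document sets no `mtlsConfig`, so any shared-trust
  # setup between the two meshes has to come from elsewhere (confirm).
  federation:
    selectors:
      - {}
  meshes:
    - name: istiod-istio-system-cluster1
      namespace: gloo-mesh
    - name: istiod-istio-system-cluster2
      namespace: gloo-mesh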
---
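# Destination that models httpbin.org, a service outside the mesh, so that
# routes can reference it by name.
# Nesting restored: the page capture had flattened every key to column 0.
apiVersion: discovery.mesh.gloo.solo.io/v1
kind: Destination  # Representation of a non-mesh service for routing
metadata:
  name: httpbin
  namespace: gloo-mesh
spec:
  externalService:  # httpbin.org external service
    endpoints:
      - address: httpbin.org
        ports:
          # Upstream port the connection is sent to.
          # NOTE(review): this key is `https` while the service port below is
          # named `http`; confirm the two are paired as intended so that
          # port-80 requests really leave towards 443.
          https: 443
    hosts:
      - httpbin.org  # match on internal requests for httpbin.org
    name: httpbin
    ports:
      # Internal port match: callers must address http://httpbin.org:80 and
      # the request is upgraded to HTTPS on the way out. The caller itself
      # speaks plaintext HTTP, so encryption depends on the request passing
      # through the mesh proxy.
      - name: http
        number: 80
        protocol: HTTP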
---
# VirtualGateway that publishes the external `httpbin` Destination on the
# Istio ingress gateways under the host frontend.solo.io and turns on TLS
# towards that external endpoint.
# NOTE(review): the nesting of this document was lost when the page was
# captured, so it cannot be applied as shown. Restore the indentation from the
# original file; in particular, confirm against the VirtualGateway schema which
# object the `options` key belongs to. That cannot be determined from this view.
apiVersion: networking.enterprise.mesh.gloo.solo.io/v1beta1
kind: VirtualGateway
metadata:
name: ingress
namespace: gloo-mesh
spec:
ingressGatewaySelectors:
# NOTE(review): on a stock Istio ingress gateway the port named `http2` is the
# plaintext HTTP listener; if that holds here, client-to-gateway traffic for
# frontend.solo.io is unencrypted and only the upstream leg uses TLS (confirm).
- portName: http2 # match on port name http2
destinationSelectors:
- kubeServiceMatcher:
labels:
istio: ingressgateway # select all gateways with istio=ingressgateway label
namespaces:
- istio-system # only include istio-system namespace
connectionHandlers:
- http:
routeConfig:
- virtualHost:
domains:
- "frontend.solo.io" # listen on frontend.solo.io
routes:
- name: httpbin
routeAction:
destinations:
- staticDestination: # route to httpbin destination
name: httpbin
namespace: gloo-mesh
options:
trafficPolicy:
mtls:
istio:
# SIMPLE is one-way TLS origination: the proxy presents no client certificate,
# so despite the `mtls` key and the file name this is not mutual TLS.
# NOTE(review): check that the generated Istio configuration also validates the
# server certificate (CA bundle / expected SANs). Depending on the Istio
# version, SIMPLE without a configured CA may encrypt without authenticating
# the endpoint.
tlsMode: SIMPLE # enable tls to external endpoint