- What's New
- Product Bulletin
- Service Overview
- Billing
- Getting Started
-
User Guide
- Application Service Mesh
- Buying a Service Mesh
- Mesh Management
- Service Management
- Gateway Management
- Grayscale Release
- Mesh Configuration
- Traffic Management
- Security
-
Best Practices
- Upgrading Data Plane Sidecars Without Service Interruption
- Service Governance for Dubbo-based Applications
- Reserving Source IP Address for Gateway Access
- Creating a Service Mesh with IPv4/IPv6 Dual Stack Enabled
- How Do I Query Application Metrics in AOM?
- Reducing the Agency Permissions of ASM Users
- Istio-ingressgateway HA Configuration
-
FAQs
- Service Mesh Cluster
-
Mesh Management
- Why Cannot I Create a Mesh for My Cluster?
- Why Are Exclusive Nodes Still Exist After Istio Is Uninstalled?
- How Do I Upgrade ICAgent?
- How Do I Enable Namespace Injection for a Cluster?
- How Do I Disable Sidecar Injection for Workloads?
- What Can I Do If A Pod Cannot Be Started Due to Unready Sidecar
- How Do I Handle a Canary Upgrade Failure?
-
Adding a Service
- What Do I Do If an Added Gateway Does Not Take Effect?
- Why Does It Take a Long Time to Start the Demo Application in Experiencing Service Mesh in One Click?
- Why Cannot I Access the page of the Demo Application After It Is Successfully Deployed?
- Why Cannot I Select the Corresponding Service When Adding a Route?
- How Do I Inject a Sidecar for the Pod Created Using a Job or CronJob?
- Performing Grayscale Release
-
Managing Traffic
- Why Are the Created Clusters, Namespaces, and Applications Not Displayed on the Traffic Management Page?
- How Do I Change the Resource Requests of the istio-proxy Container?
- Does ASM Support HTTP/1.0?
- How Can I Block Access from Some IP Address Ranges or Ports for a Service Mesh?
- How Do I Configure max_concurrent_streams for a Gateway?
- How Do I Fix Compatibility Issues Between Istio CNI and Init Containers?
-
Monitoring Traffic
- Why Cannot I View Traffic Monitoring Data Immediately After a Pod Is Started?
- Why Are the Latency Statistics on the Dashboard Page Inaccurate?
- Why Is the Traffic Ratio Inconsistent with That in the Traffic Monitoring Chart?
- Why Can't I Find Certain Error Requests in Tracing?
- Why Cannot I Find My Service in the Traffic Monitoring Topology?
- How Do I Connect a Service Mesh to Jaeger or Zipkin for Viewing Traces?
- Videos
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- User Guide
-
FAQs
- Service Mesh Cluster
- Mesh Management
-
Adding a Service
- What Do I Do If an Added Gateway Does Not Take Effect?
- Why Does It Take a Long Time to Start the Demo Application in Experiencing Service Mesh in One Click?
- Why Cannot I Access the page of the Demo Application After It Is Successfully Deployed?
- Why Cannot I Select the Corresponding Service When Adding a Route?
- Performing Grayscale Release
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Show all
Copied.
Adding a Gateway
A gateway enables unified entry, traffic management, security, and service isolation.
Prerequisites
Gateways use load balancers of ELB to provide network access. Before adding a gateway, you need to create a load balancer.
When creating a load balancer, you need to ensure that it belongs to the same VPC as the cluster. For details, see Creating a Shared Load Balancer.
Procedure
- Log in to the ASM console and click the name of the target service mesh to go to its details page.
- In the navigation pane on the left, choose Gateway Management and click Add Gateway.
- Configure the following parameters.
- Gateway Name
Enter a gateway name. Enter 4 to 59 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
- Cluster
Select the cluster to which the gateway belongs.
- Access Mode
- IP Version: The value can be IPv4 or DualStack. This parameter is available only when IPv6 is enabled.
- Gateways use shared and dedicated load balancers of ELB for the access over both public and private IPv4 networks.
- Access Entry
- External Protocol
Select one to match the protocol type of your service. HTTP, gRPC, TCP, TLS, and HTTPS are supported.
- External Port
Enter the port number exposed in the Load Balancer Service address. The port number can be specified randomly.
- External Access Address
The system automatically fills in the IP address of the load balancer as the service access entry. You can also change the IP address to the domain name associated with the load balancer.
- TLS Termination
If External Protocol is HTTPS, TLS Termination is enabled and cannot be disabled.
If External Protocol is TLS, you can enable or disable TLS Termination. If you enable TLS termination, bind a certificate to support TLS-based data transmission encryption and authentication. If you disable TLS termination, encrypted TLS data will be directly forwarded.
- Secret Certificate
- When configuring a TLS protocol with TLS termination enabled, you need to bind a certificate to support TLS-based data transmission encryption and authentication.
- When configuring the HTTPS protocol, you need to bind a secret certificate.
- Earliest TLS Version Supported/Latest TLS Version Supported
When configuring a TLS protocol with TLS termination enabled or an HTTPS protocol, you can select the earliest and latest TLS versions.
- External Protocol
- Gateway Name
- (Optional) Configure routing parameters.
When the access address of a request matches the forwarding policy (which consists of an external access address and URL), the request is forwarded to the corresponding target Service for processing. Click
. The Add Route dialog box is displayed.
- URL Matching Rule
- Prefix: A URL can be accessed if its prefix is the same as that you configure. For example, /healthz/v1 and /healthz/v2.
- Exact: Only the URL that fully matches the values you set can be accessed. For example, if the URL is set to /healthz, only /healthz can be accessed.
- URL
Mapping URL supported by the service, for example, /example.
- Namespace
Select the namespace to which the gateway belongs.
- Target Service
Service of the gateway. Select a value from the drop-down list box. The target service is filtered based on the corresponding gateway protocol. For details about the filtering rules, see Why Cannot I Select the Corresponding Service When Adding a Route?
The service which configuration diagnosis fails cannot be selected. You need to fix the issues first. For details, see Manual Fixing Items or Auto Fixing Items.
- Access Port
Only ports that match external protocols are displayed.
- Rewrite
(This parameter is configurable when the external protocol is HTTP.)
Rewrite the HTTP URI and host/authority header before forwarding. Disabled by default. To enable it, configure the following parameters:
- URI: This value is used to rewrite the URI or prefix.
- Host/Authority Header: This value is used to rewrite the HTTP host/authority header.
- Specify Domain Name
Configure a routing rule for a domain name of the gateway.
- URL Matching Rule
- Click OK.
You can obtain the external network access address of the service in the Service Management page.
Figure 1 External network access address of the service
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot