Last active
September 10, 2019 16:23
-
-
Save rosenhouse/640e3766d6f6d3b3e4c64d8cac66a5b0 to your computer and use it in GitHub Desktop.
PSM TLS Passthrough for HTTP2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: networking.istio.io/v1alpha3 | |
| kind: ServiceEntry | |
| metadata: | |
| labels: | |
| cluster-name: gabe | |
| name: 05636106-9670-49f2-9180-dc0d76122990 | |
| namespace: psm-system | |
| spec: | |
| endpoints: | |
| - address: 10.0.11.23 | |
| - address: 10.0.11.21 | |
| - address: 10.0.11.22 | |
| hosts: | |
| - gabe.clusters.lagunabeach.cf-app.com | |
| ports: | |
| - name: 05636106-9670-49f2-9180-dc0d76122990 | |
| number: 8443 | |
| protocol: TLS # CHANGED | |
| resolution: STATIC | |
| # DELETED the DestinationRule | |
| # it isn't necessary when using TLS passthrough | |
| --- | |
| apiVersion: networking.istio.io/v1alpha3 | |
| kind: VirtualService | |
| metadata: | |
| labels: | |
| cluster-name: gabe | |
| name: 05636106-9670-49f2-9180-dc0d76122990 | |
| namespace: psm-system | |
| spec: | |
| gateways: | |
| - ingress-gateway | |
| hosts: | |
| - gabe.clusters.lagunabeach.cf-app.com | |
| tls: # CHANGED, this whole block replaces the http one | |
| - match: | |
| - port: 8443 | |
| sniHosts: | |
| - gabe.clusters.lagunabeach.cf-app.com | |
| route: | |
| - destination: | |
| host: gabe.clusters.lagunabeach.cf-app.com | |
| --- | |
| apiVersion: networking.istio.io/v1alpha3 | |
| kind: Gateway | |
| metadata: | |
| name: ingress-gateway | |
| namespace: psm-system | |
| spec: | |
| selector: | |
| istio: ingressgateway | |
| servers: | |
| - hosts: | |
| - '*' | |
| port: | |
| name: ingress-gateway | |
| number: 8443 | |
| protocol: TLS # CHANGED | |
| tls: | |
| mode: PASSTHROUGH # CHANGED |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: networking.istio.io/v1alpha3 | |
| kind: ServiceEntry | |
| metadata: | |
| labels: | |
| cluster-name: gabe | |
| name: 05636106-9670-49f2-9180-dc0d76122990 | |
| namespace: psm-system | |
| spec: | |
| endpoints: | |
| - address: 10.0.11.23 | |
| - address: 10.0.11.21 | |
| - address: 10.0.11.22 | |
| hosts: | |
| - gabe.clusters.lagunabeach.cf-app.com | |
| ports: | |
| - name: 05636106-9670-49f2-9180-dc0d76122990 | |
| number: 8443 | |
| protocol: HTTP | |
| resolution: STATIC | |
| --- | |
| apiVersion: networking.istio.io/v1alpha3 | |
| kind: DestinationRule | |
| metadata: | |
| labels: | |
| cluster-name: gabe | |
| name: 05636106-9670-49f2-9180-dc0d76122990 | |
| namespace: psm-system | |
| spec: | |
| host: gabe.clusters.lagunabeach.cf-app.com | |
| trafficPolicy: | |
| tls: | |
| mode: SIMPLE | |
| --- | |
| apiVersion: networking.istio.io/v1alpha3 | |
| kind: VirtualService | |
| metadata: | |
| labels: | |
| cluster-name: gabe | |
| name: 05636106-9670-49f2-9180-dc0d76122990 | |
| namespace: psm-system | |
| spec: | |
| gateways: | |
| - ingress-gateway | |
| hosts: | |
| - gabe.clusters.lagunabeach.cf-app.com | |
| http: | |
| - retries: | |
| attempts: 3 | |
| retryOn: 5xx | |
| route: | |
| - destination: | |
| host: gabe.clusters.lagunabeach.cf-app.com | |
| --- | |
| apiVersion: networking.istio.io/v1alpha3 | |
| kind: Gateway | |
| metadata: | |
| name: ingress-gateway | |
| namespace: psm-system | |
| spec: | |
| selector: | |
| istio: ingressgateway | |
| servers: | |
| - hosts: | |
| - '*' | |
| port: | |
| name: ingress-gateway | |
| number: 8443 | |
| protocol: HTTPS | |
| tls: | |
| mode: SIMPLE | |
| privateKey: /etc/istio/ingressgateway-certs/tls.key | |
| serverCertificate: /etc/istio/ingressgateway-certs/tls.crt |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment