Gateway
---
# Istio Gateway for the EMCO API. It configures the default Istio ingress
# gateway (pods labelled istio=ingressgateway) to listen on ports 80 and 443
# for any host name.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: emco-gateway
  namespace: emco
spec:
  selector:
    # use Istio default gateway implementation
    istio: ingressgateway
  servers:
    # Plaintext listener. Every VirtualService bound to this gateway is also
    # served here without TLS. If that is not intended, Istio's
    # `tls.httpsRedirect: true` on this server redirects clients to HTTPS.
    - hosts:
        # Wildcard: any Host header is accepted. Listing the real DNS name(s)
        # is the tighter setting once they are known.
        - '*'
      port:
        number: 80
        name: http
        protocol: HTTP
    # TLS listener. SIMPLE is server-side TLS terminated at the gateway; the
    # client is not asked for a certificate (that would be mode MUTUAL).
    - hosts:
        - '*'
      port:
        number: 443
        name: https
        protocol: HTTPS
      tls:
        mode: SIMPLE
        # Name of the Kubernetes secret holding the server certificate and key.
        # NOTE(review): Istio looks this secret up in the namespace of the
        # ingress gateway workload, which is not necessarily `emco` - confirm
        # where emco-certs is created.
        credentialName: emco-certs


Virtual Service
---
# Istio VirtualService that routes EMCO REST API paths to the backend services
# ncm, clm, orchestrator, dcm and ovnaction. Short host names are resolved
# relative to this resource's namespace (emco).
#
# It is bound to emco-gateway only, so the routes are exposed on every listener
# that gateway defines. Nothing in this resource authenticates or authorizes
# callers; any RequestAuthentication / AuthorizationPolicy has to be defined
# separately.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: vs-emco
  namespace: emco
spec:
  gateways:
    - emco-gateway
  hosts:
    - '*'
  # Routes are evaluated top to bottom and the first match wins, so the
  # specific regex rules must stay above the broader prefix rules.
  http:
    # Network resources under a cluster -> ncm.
    # NOTE(review): `.+` is not limited to one path segment (it also matches
    # `/`); `[^/]+` would be. Confirm the intended paths before tightening.
    # NOTE(review): Envoy applies a path regex to the whole path, so
    # sub-resources below these collections would presumably fall through to
    # the prefix rule for clm - confirm that is intended.
    - match:
        - uri:
            regex: '/v2/cluster-providers/.+/.+/.+/networks'
        - uri:
            regex: '/v2/cluster-providers/.+/.+/.+/provider-networks'
        - uri:
            regex: '/v2/cluster-providers/.+/.+/.+/apply'
        - uri:
            regex: '/v2/cluster-providers/.+/.+/.+/terminate'
      route:
        - destination:
            host: ncm
            port:
              number: 9031
    # Everything else under cluster-providers -> clm.
    - match:
        - uri:
            prefix: /v2/cluster-providers
      route:
        - destination:
            host: clm
            port:
              number: 9061
    # Controller registration -> orchestrator.
    - match:
        - uri:
            prefix: /v2/controllers
      route:
        - destination:
            host: orchestrator
            port:
              number: 9015
    # Logical clouds of a project -> dcm.
    - match:
        - uri:
            regex: '/v2/projects/.+/logical-clouds'
      route:
        - destination:
            host: dcm
            port:
              number: 9077
    # Network controller intents -> ovnaction.
    - match:
        - uri:
            regex: '/v2/projects/.+/.+/.+/.+/.+/.+/network-controller-intent'
      route:
        - destination:
            host: ovnaction
            port:
              number: 9051
    # Catch-all for the remaining project paths -> orchestrator.
    - match:
        - uri:
            prefix: /v2/projects
      route:
        - destination:
            host: orchestrator
            port:
              number: 9015

Enable mTLS for EMCO namespace

MTLS
# Require mutual TLS for workloads in the emco namespace. The heredoc
# delimiter is quoted so the shell passes the manifest through unchanged.
kubectl apply --namespace emco --filename - <<'EOF'
# A PeerAuthentication without a selector applies to the whole namespace it is
# created in (here: emco, from the kubectl namespace flag).
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
spec:
  mtls:
    # STRICT: sidecars accept only mutual-TLS connections. Plaintext clients,
    # for example pods without an injected sidecar, are refused.
    # This authenticates the peer workload only; limiting which identities may
    # call which service needs an AuthorizationPolicy.
    mode: STRICT
EOF
