Skip to content

Instantly share code, notes, and snippets.

@mathieu-benoit
Last active January 11, 2022 19:08
Show Gist options
  • Save mathieu-benoit/19c020c9a1cbe19e0541316502358f91 to your computer and use it in GitHub Desktop.
Save mathieu-benoit/19c020c9a1cbe19e0541316502358f91 to your computer and use it in GitHub Desktop.
asm-ingress.yaml
apiVersion: v1
kind: Service
metadata:
name: istio-ingressgateway
namespace: istio-ingress
spec:
type: LoadBalancer
selector:
istio: ingressgateway
ports:
- port: 80
name: http
- port: 443
name: https
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: istio-ingressgateway
namespace: istio-ingress
spec:
selector:
matchLabels:
istio: ingressgateway
template:
metadata:
annotations:
inject.istio.io/templates: gateway
labels:
istio: ingressgateway
spec:
containers:
- name: istio-proxy
image: auto
resources:
limits:
cpu: 2000m
memory: 1024Mi
requests:
cpu: 100m
memory: 128Mi
---
# Set up roles to allow reading credentials for TLS
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: istio-ingressgateway-sds
namespace: istio-ingress
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: istio-ingressgateway-sds
namespace: istio-ingress
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: istio-ingressgateway-sds
subjects:
- kind: ServiceAccount
name: default
apiVersion: v1
kind: Service
metadata:
name: asm-ingressgateway
annotations:
cloud.google.com/neg: '{"ingress": true}'
cloud.google.com/backend-config: '{"default": "asm-ingressgateway"}'
labels:
asm: ingressgateway
spec:
ports:
- name: status-port
port: 15021
protocol: TCP
targetPort: 15021
- name: http2
port: 80
targetPort: 8081
- name: https
port: 443
targetPort: 8443
selector:
asm: ingressgateway
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: asm-ingressgateway
spec:
selector:
matchLabels:
asm: ingressgateway
template:
metadata:
annotations:
inject.istio.io/templates: gateway
labels:
asm: ingressgateway
spec:
containers:
- name: istio-proxy
image: auto
---
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
name: asm-ingressgateway
spec:
healthCheck:
requestPath: /healthz/ready
port: 15021
type: HTTP
securityPolicy:
name: SECURITY_POLICY
---
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
name: asm-ingressgateway
spec:
domains:
- "HOST_NAME"
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: asm-ingressgateway
annotations:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: "IP_NAME"
networking.gke.io/managed-certificates: "asm-ingressgateway"
kubernetes.io/ingress.class: "gce"
spec:
defaultBackend:
service:
name: asm-ingressgateway
port:
number: 443
rules:
- http:
paths:
- path: /*
pathType: ImplementationSpecific
backend:
service:
name: asm-ingressgateway
port:
number: 443
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: asm-ingressgateway
spec:
selector:
asm: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment