# Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: Service metadata: name: istio-ingressgateway labels: app: istio-ingressgateway istio: ingressgateway annotations: cloud.google.com/neg: '{"ingress": true}' cloud.google.com/backend-config: '{"ports":{"http2":"ingressgateway-default","custom-backendconfig-port":"custom-backendconfig"}}' spec: ports: # status-port exposes a /healthz/ready endpoint that can be used with GKE Ingress health checks - name: status-port port: 15021 protocol: TCP targetPort: 15021 - name: http2 port: 15022 targetPort: 80 - name: custom-backendconfig-port port: 15023 targetPort: 80 selector: istio: ingressgateway app: istio-ingressgateway type: ClusterIP --- apiVersion: cloud.google.com/v1 kind: BackendConfig metadata: name: ingressgateway-default spec: timeoutSec: 120 healthCheck: checkIntervalSec: 10 timeoutSec: 2 port: 15021 type: HTTP requestPath: /healthz/ready --- apiVersion: cloud.google.com/v1 kind: BackendConfig metadata: name: custom-backendconfig spec: timeoutSec: 120 healthCheck: checkIntervalSec: 10 timeoutSec: 2 port: 15021 type: HTTP requestPath: /healthz/ready iap: enabled: true oauthclientCredentials: secretName: my-secret --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: ingressgateway spec: tls: - secretName: my-cert defaultBackend: service: name: istio-ingressgateway port: number: 15022 rules: - host: "bar.example.com" http: paths: - path: / backend: service: name: istio-ingressgateway port: number: 15023 pathType: Prefix --- apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: ingressgateway spec: selector: istio: ingressgateway # use Istio default gateway implementation servers: - port: number: 80 name: http protocol: HTTP hosts: - "*" - port: number: 443 name: https protocol: HTTPS hosts: - "*" tls: mode: SIMPLE # enables HTTPS on this port credentialName: my-cert