HTTP
Learn how to use a virtual gateway resource to configure HTTP listeners for your gateway. HTTP listeners accept incoming HTTP traffic for a specific domain and port, and forward this traffic to a specified destination in the cluster.
Before you begin
- Install Gloo Gateway in a single or multicluster setup, which includes installing Gloo components, an ingress gateway, a workspace, and workspace settings.
- Deploy the Bookinfo app without sidecars.
- Save the names of your clusters from your infrastructure provider as environment variables.
export CLUSTER_NAME=<cluster-name>
Configure virtual gateways
After deploying ingress gateway proxies, use a Gloo virtual gateway custom resource to consistently configure the ports, protocol, and TLS certificates.
-
Create a
VirtualGateway
resource to configure a listener on your ingress gateway, and apply it to your cluster. For example, review the following sample configuration file.kubectl apply -f- <<EOF apiVersion: networking.gloo.solo.io/v2 kind: VirtualGateway metadata: name: istio-ingressgateway namespace: bookinfo spec: listeners: - http: {} port: number: 80 workloads: - selector: labels: istio: ingressgateway EOF
Review the following table to understand this configuration. For more information, see the API reference.
Setting Description metadata
Give a name and namespace for the virtual gateway. The namespace must be part of the workspace that you want the virtual gateway to manage gateways for. spec.listeners
Set up the hostname and port that you want the gateway to listen for traffic on. You can specify which route tables bind to the virtual gateway by filtering on the host names in the allowedRouteTables
setting. You might have more than one listener to configure different hosts, ports, and TLS secrets. For more information on TLS, see HTTPS.spec.workloads
Use a spec.selector
label for the ingress gateway service service that you want the virtual gateway to configure. You installed a gateway in the setup section. -
Apply a route table resource, which allows you to define how requests to endpoints should be routed. For example, if you deploy the Bookinfo and httpbin sample apps, you can create the following route table that forwards traffic to the
productpage
,reviews
,ratings
andhttpbin
apps via the virtual gateway. Or, you can create route tables for your own apps by following the guides in Route requests.kubectl apply -f- <<EOF apiVersion: networking.gloo.solo.io/v2 kind: RouteTable metadata: name: www-example-com namespace: bookinfo spec: hosts: - www.example.com # Selects the virtual gateway you previously created virtualGateways: - name: istio-ingressgateway namespace: bookinfo http: # Route for the main productpage app - name: productpage matchers: - uri: prefix: /productpage forwardTo: destinations: - ref: name: productpage namespace: bookinfo port: number: 9080 # Routes all /reviews requests to the reviews-v1 or reviews-v2 apps - name: reviews labels: route: reviews matchers: - uri: prefix: /reviews forwardTo: destinations: - ref: name: reviews namespace: bookinfo port: number: 9080 # Routes all /ratings requests to the ratings-v1 app - name: ratings-ingress labels: route: ratings matchers: - uri: prefix: /ratings forwardTo: destinations: - ref: name: ratings namespace: bookinfo port: number: 9080 # Route for the httpbin app - name: httpbin-ingress labels: route: httpbin matchers: - headers: - name: X-httpbin forwardTo: destinations: - ref: name: httpbin namespace: httpbin port: number: 8000 EOF
-
Save the external address of the ingress gateway. If you deployed your ingress gateway in a different namespace or with a different version, update the command.
export INGRESS_GW_IP=$(kubectl get svc -n gloo-mesh-gateways istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo $INGRESS_GW_IP
export INGRESS_GW_IP=$(kubectl get svc -n gloo-mesh-gateways istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') echo $INGRESS_GW_IP
Note: Depending on your environment, you might see
<pending>
instead of an external IP address. For example, if you are testing locally in kind or minikube, or if you have insufficent permissions in your cloud platform, you can instead port-forward the service port of the ingress gateway:kubectl -n gloo-mesh-gateways port-forward deploy/istio-ingressgateway 8081
-
Send a request to each route to verify that you can reach the apps’ services. If not, try Debugging your route.
productpage
:curl -vik http://www.example.com:80/productpage --resolve www.example.com:80:$INGRESS_GW_IP
Example output:
HTTP/2 200 ...
ratings
:curl -vik http://www.example.com:80/ratings/1 --resolve www.example.com:80:$INGRESS_GW_IP
Example output:
HTTP/2 200 ... {"id":1,"ratings":{"Reviewer1":5,"Reviewer2":4}}
reviews
:curl -vik http://www.example.com:80/reviews/1 --resolve www.example.com:80:$INGRESS_GW_IP curl -vik http://www.example.com:80/reviews/2 --resolve www.example.com:80:$INGRESS_GW_IP
Example output:
HTTP/2 200 ... {"id": "1","podname": "reviews-v1-55b668fc65-6pc2c","clustername": "null","reviews": [{ "reviewer": "Reviewer1", "text": "An extremely entertaining play by Shakespeare. The slapstick humour is refreshing!"},{ "reviewer": "Reviewer2", "text": "Absolutely fun and entertaining. The play lacks thematic depth when compared to other plays by Shakespeare."}]}
httpbin
:curl -vik http://www.example.com:80/status/200 -H "X-httpbin: true" --resolve www.example.com:80:$INGRESS_GW_IP
Example output:
HTTP/2 200
productpage
:curl -vik http://www.example.com:80/productpage --resolve www.example.com:80:127.0.0.1
Example output:
HTTP/2 200 ...
ratings
:curl -vik http://www.example.com:80/ratings/1 --resolve www.example.com:80:127.0.0.1
Example output:
HTTP/2 200 ... {"id":1,"ratings":{"Reviewer1":5,"Reviewer2":4}}
reviews
:curl -vik http://www.example.com:80/reviews/1 --resolve www.example.com:80:127.0.0.1 curl -vik http://www.example.com:80/reviews/2 --resolve www.example.com:80:127.0.0.1
Example output:
HTTP/2 200 ... {"id": "1","podname": "reviews-v1-55b668fc65-6pc2c","clustername": "null","reviews": [{ "reviewer": "Reviewer1", "text": "An extremely entertaining play by Shakespeare. The slapstick humour is refreshing!"},{ "reviewer": "Reviewer2", "text": "Absolutely fun and entertaining. The play lacks thematic depth when compared to other plays by Shakespeare."}]}
httpbin
:curl -vik http://www.example.com:80/status/200 -H "X-httpbin: true" --resolve www.example.com:80:127.0.0.1
Example output:
HTTP/2 200
If you see an unsuccessful response such as the following, check the health of your Bookinfo pods and make sure that they are running.
curl: (52) Empty reply from server
Next steps
Now that you have the virtual gateway configured, you can add other Gloo Gateway resources to control traffic that is routed through the gateway.
- Secure the gateway with TLS certificates to use for HTTPS traffic.
- Secure and improve traffic resiliency with traffic control and security policies.
- Apply the proxy protocol policy to your API Gateway so that it preserves connection information such as the originating client IP address.
- Process and route traffic through the virtual gateway with route tables.