HTTP
Use virtual gateways to configure HTTP listeners for your ingress gateway.
HTTP listeners accept incoming HTTP traffic for a specific domain and port, and forward this traffic to a specified destination in the cluster.
Before you begin
This guide assumes that you use the same names for components like clusters, workspaces, and namespaces as in the getting started. If you have different names, make sure to update the sample configuration files in this guide.
Set up an HTTP listener
After deploying ingress gateway proxies, use a Gloo virtual gateway custom resource to consistently configure the ports, and protocol.
When you apply the Gloo custom resources in this guide to your cluster, Gloo Mesh Gateway automatically checks the configuration against validation rules and value constraints. You can also run a pre-admission validation check by using the meshctl x validate resources command. For more information, see the resource validation overview and the CLI command reference.
Create a
VirtualGatewayresource to configure a listener on your ingress gateway, and apply it to your cluster. For example, review the following sample configuration file.kubectl apply -f- <<EOF apiVersion: networking.gloo.solo.io/v2 kind: VirtualGateway metadata: name: istio-ingressgateway namespace: bookinfo spec: listeners: - http: {} port: number: 80 workloads: - selector: labels: istio: ingressgateway EOFReview the following table to understand this configuration. For more information, see the API reference.
Setting Description metadataGive a name and namespace for the virtual gateway. The namespace must be part of the workspace that you want the virtual gateway to manage gateways for. spec.listenersSet up the hostname and port that you want the gateway to listen for traffic on. You can specify which route tables bind to the virtual gateway by filtering on the host names in the allowedRouteTablessetting. You might have more than one listener to configure different hosts, ports, and TLS secrets. For more information on TLS, see HTTPS.spec.workloadsUse a spec.selectorlabel for the ingress gateway service that you want the virtual gateway to configure. You installed a gateway in the setup section.Apply a route table resource, which allows you to define how requests to endpoints should be routed. For example, if you deploy the Bookinfo and httpbin sample apps, you can create the following route table that forwards traffic to the
productpage,reviews,ratingsandhttpbinapps via the virtual gateway. Or, you can create route tables for your own apps by following the guides in Traffic management.kubectl apply -f- <<EOF apiVersion: networking.gloo.solo.io/v2 kind: RouteTable metadata: name: www-example-com namespace: bookinfo spec: hosts: - www.example.com # Selects the virtual gateway you previously created virtualGateways: - name: istio-ingressgateway namespace: bookinfo http: # Route for the main productpage app - name: productpage matchers: - uri: prefix: /productpage forwardTo: destinations: - ref: name: productpage namespace: bookinfo port: number: 9080 # Routes all /reviews requests to the reviews-v1 or reviews-v2 apps - name: reviews labels: route: reviews matchers: - uri: prefix: /reviews forwardTo: destinations: - ref: name: reviews namespace: bookinfo port: number: 9080 # Routes all /ratings requests to the ratings-v1 app - name: ratings-ingress labels: route: ratings matchers: - uri: prefix: /ratings forwardTo: destinations: - ref: name: ratings namespace: bookinfo port: number: 9080 # Route for the httpbin app - name: httpbin-ingress labels: route: httpbin matchers: - headers: - name: X-httpbin forwardTo: destinations: - ref: name: httpbin namespace: httpbin port: number: 8000 EOFSave the external address of the ingress gateway. If you deployed your ingress gateway in a different namespace or with a different version, update the command.
export INGRESS_GW_ADDRESS=$(kubectl get svc -n gloo-mesh-gateways istio-ingressgateway -o jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}") echo $INGRESS_GW_ADDRESSNote: Depending on your environment, you might see
<pending>instead of an external IP address. For example, if you are testing locally in kind or minikube, or if you have insufficient permissions in your cloud platform, you can instead port-forward the service port of the ingress gateway:kubectl -n gloo-mesh-gateways port-forward deploy/istio-ingressgateway 8081Send a request to each route to verify that you can reach the apps’ services. If not, try Debugging your route.
If you see an unsuccessful response such as the following, check the health of your Bookinfo pods and make sure that they are running.
curl: (52) Empty reply from server
Next steps
Now that you have the virtual gateway configured, you can add other Gloo Mesh Gateway resources to control traffic that is routed through the gateway.