The OSM ingress guide with Gloo API Gateway is a short demo on exposing HTTP routes on services within the mesh externally using the Gloo Edge ingress controller.

Sample demo

HTTP traffic with ingress

The following demo sends a request from an external IP to a httpbin service inside the cluster.

  1. Install the Gloo Edge ingress controller with the glooctl CLI

    glooctl install ingress
    

    Verify that the pods in the gloo-system namespace is up and running:

    $ kubectl get pods -n gloo-system
    NAME                             READY   STATUS    RESTARTS   AGE
    discovery-b7c89f698-7xpw5        1/1     Running   0          173m
    gloo-7b844d6cd4-djnlk            1/1     Running   0          173m
    ingress-7ffcc9df95-7fb6j         1/1     Running   0          173m
    ingress-proxy-76cf8c6bdb-m727w   1/1     Running   0          173m
    
  2. Install OSM onto the cluster.

    osm install
    
  3. Deploy the httpbin service into the httpbin namespace after enrolling its namespace to the mesh. The httpbin service runs on port 14001.

    # Create the httpbin namespace
    kubectl create namespace httpbin
    
    # Add the namespace to the mesh
    osm namespace add httpbin
    
    # Deploy httpbin service in the httpbin namespace
    kubectl apply -f docs/example/manifests/samples/httpbin/httpbin.yaml -n httpbin
    

    Confirm the httpbin service and pods are up and running.

    $ kubectl get pods -n httpbin
    NAME                       READY   STATUS    RESTARTS   AGE
    httpbin-74677b7df7-7f5v4   1/1     Running   0          149m
    
    $ kubectl get svc -n httpbin
    NAME      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)     AGE
    httpbin   ClusterIP   10.0.115.107   <none>        14001/TCP   149m
    
  4. Apply an ingress configuration yaml to expose the HTTP path /status/200 on the httpbin service with kubectl apply -f

    Note: Use the appropriate ingress resource based on the desired API version.

    Ingress v1 resource:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: httpbin-ingress
      namespace: httpbin
    spec:
      ingressClassName: gloo
      rules:
      - http:
          paths:
          - path: /status/200
            pathType: ImplementationSpecific # Must be one of: Exact, Prefix, ImplementationSpecific
            backend:
              service:
                name: httpbin
                port:
                  number: 14001
    

    Ingress v1beta1 resource:

    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
      name: httpbin-ingress
      namespace: httpbin
      annotations:
        kubernetes.io/ingress.class: gloo
    spec:
      rules:
      - http:
          paths:
          - path: /status/200
            pathType: ImplementationSpecific # Must be one of: Exact, Prefix, ImplementationSpecific
            backend:
              serviceName: httpbin
              servicePort: 14001
    
  5. Confirm that the httpbin-ingress has been successfully deployed.

    $ kubectl get ingress -n httpbin
    NAME              CLASS    HOSTS                               ADDRESS         PORTS   AGE
    httpbin-ingress   <none>   httpbin.httpbin.svc.cluster.local   52.234.160.38   80      152m
    
  6. Configure the Upstream object to use OSM’s root ca bundle:

    apiVersion: gloo.solo.io/v1
    kind: Upstream
    metadata:
      name: httpbin-httpbin-14001
      namespace: gloo-system
    spec:
      sslConfig:
        sni: "httpbin.httpbin.svc.cluster.local"
        secretRef:
          name: osm-ca-bundle
          namespace: gloo-system
    kube:
      selector:
        app: httpbin
      serviceName: httpbin
      serviceNamespace: httpbin
      servicePort: 14001
    
  7. Confirm that a request to the httpbin service via the external IP address of the Ingress resource succeeds (in this case, the external address would be 52.234.160.38)

    curl http://<external-ip>/status/200
    

At this point you can call your Ingress endpoint and get HTTPS traffic from the edge to your OSM service. As a convenience, you can run the following to get your ingress hostname/IP:

glooctl proxy url --name ingress-proxy