diff --git a/modules/ossm-threescale-applying-external-service-entry-objects.adoc b/modules/ossm-threescale-applying-external-service-entry-objects.adoc index 327cdf846a90..ee23789b1a03 100644 --- a/modules/ossm-threescale-applying-external-service-entry-objects.adoc +++ b/modules/ossm-threescale-applying-external-service-entry-objects.adoc @@ -6,15 +6,15 @@ [id="ossm-threescale-applying-external-service-entry-objects_{context}"] = Applying 3scale external ServiceEntry objects -To have the `threescale-wasm-auth` module authorize requests against 3scale, the module must have access to 3scale services. You can accomplish this within {SMProductName} and Istio by applying an external `ServiceEntry` object. +To have the `threescale-wasm-auth` module authorize requests against 3scale, the module must have access to 3scale services. You can accomplish this within {ProductName} and Istio by applying an external `ServiceEntry` object and a corresponding `DestinationRule` object for TLS configuration to use the HTTPS protocol. -The custom resources set up the service entries for access from within {SMProductShortName} to 3scale Hosted (SaaS) for the backend and system components of the Service Management API and the Account Management API. The Service Management API receives queries for the authorization status of each request. The Account Management API provides API management configuration settings for your services. +The custom resources set up the service entries and destination rules for secure access from within {ProductShortName} to 3scale Hosted (SaaS) for the backend and system components of the Service Management API and the Account Management API. The Service Management API receives queries for the authorization status of each request. The Account Management API provides API management configuration settings for your services. .Procedure -* Apply the following external `ServiceEntry` custom resources to your cluster: +* Apply the following external `ServiceEntry` and related `DestinationRule` custom resources to your cluster: + -.Custom resource for 3scale Hosted backend +.`ServiceEntry` custom resource for 3scale Hosted backend [source,terminal] ---- apiVersion: networking.istio.io/v1beta1 @@ -32,7 +32,7 @@ spec: resolution: DNS ---- + -.Custom resource for 3scale Hosted system +.`ServiceEntry` custom resource for 3scale Hosted system [source,terminal] ---- apiVersion: networking.istio.io/v1beta1 @@ -49,6 +49,37 @@ spec: location: MESH_EXTERNAL resolution: DNS ---- ++ +.`DestinationRule` custom resource for 3scale Hosted backend +[source,terminal] +---- +apiVersion: networking.istio.io/v1beta1 +kind: DestinationRule +metadata: + name: threescale-saas-backend +spec: + host: su1.3scale.net + trafficPolicy: + tls: + mode: SIMPLE + sni: su1.3scale.net +---- ++ +.`DestinationRule` custom resource for 3scale Hosted system +[source,terminal] +---- +apiVersion: networking.istio.io/v1beta1 +kind: DestinationRule +metadata: + name: threescale-saas-system +spec: + host: multitenant.3scale.net + trafficPolicy: + tls: + mode: SIMPLE + sni: multitenant.3scale.net +---- + + You can use the `oc apply` command with either of the following methods to apply the objects: @@ -71,3 +102,4 @@ Alternatively, you can deploy an in-mesh 3scale service. To do this, change the [role="_additional-resources"] .Additional resources * xref:../../service_mesh/v2x/ossm-traffic-manage.adoc#ossm-routing-se_routing-traffic[`ServiceEntry` documentation] +* link:https://istio.io/v1.9/docs/reference/config/networking/destination-rule[`DestinationRule` documentation]