From c8ef0e3af5e43cf5e4ce6cc5e41c60520f2891e5 Mon Sep 17 00:00:00 2001 From: Darren Fennessy Date: Thu, 23 Jun 2022 11:43:51 +0100 Subject: [PATCH] Added content for the DestinationRule custom resource. --- ...plying-external-service-entry-objects.adoc | 42 ++++++++++++++++--- 1 file changed, 37 insertions(+), 5 deletions(-) diff --git a/modules/ossm-threescale-applying-external-service-entry-objects.adoc b/modules/ossm-threescale-applying-external-service-entry-objects.adoc index 25286a7c626e..a424ba31b57b 100644 --- a/modules/ossm-threescale-applying-external-service-entry-objects.adoc +++ b/modules/ossm-threescale-applying-external-service-entry-objects.adoc @@ -5,15 +5,15 @@ [id="ossm-threescale-applying-external-service-entry-objects_{context}"] = Applying 3scale external ServiceEntry objects -To have the `threescale-wasm-auth` module authorize requests against 3scale, the module must have access to 3scale services. You can accomplish this within {ProductName} and Istio by applying an external `ServiceEntry` object. +To have the `threescale-wasm-auth` module authorize requests against 3scale, the module must have access to 3scale services. You can accomplish this within {ProductName} and Istio by applying an external `ServiceEntry` object and a corresponding `DestinationRule` object for TLS configuration to use the HTTPS protocol. -The custom resources set up the service entries for access from within {ProductShortName} to 3scale Hosted (SaaS) for the backend and system components of the Service Management API and the Account Management API. The Service Management API receives queries for the authorization status of each request. The Account Management API provides API management configuration settings for your services. +The custom resources set up the service entries and destination rules for secure access from within {ProductShortName} to 3scale Hosted (SaaS) for the backend and system components of the Service Management API and the Account Management API. The Service Management API receives queries for the authorization status of each request. The Account Management API provides API management configuration settings for your services. .Procedure -* Apply the following external `ServiceEntry` custom resources to your cluster: +* Apply the following external `ServiceEntry` and related `DestinationRule` custom resources to your cluster: + -.Custom resource for 3scale Hosted backend +.`ServiceEntry` custom resource for 3scale Hosted backend [source,terminal] ---- apiVersion: networking.istio.io/v1beta1 @@ -31,7 +31,7 @@ spec: resolution: DNS ---- + -.Custom resource for 3scale Hosted system +.`ServiceEntry` custom resource for 3scale Hosted system [source,terminal] ---- apiVersion: networking.istio.io/v1beta1 @@ -48,6 +48,37 @@ spec: location: MESH_EXTERNAL resolution: DNS ---- ++ +.`DestinationRule` custom resource for 3scale Hosted backend +[source,terminal] +---- +apiVersion: networking.istio.io/v1beta1 +kind: DestinationRule +metadata: + name: threescale-saas-backend +spec: + host: su1.3scale.net + trafficPolicy: + tls: + mode: SIMPLE + sni: su1.3scale.net +---- ++ +.`DestinationRule` custom resource for 3scale Hosted system +[source,terminal] +---- +apiVersion: networking.istio.io/v1beta1 +kind: DestinationRule +metadata: + name: threescale-saas-system +spec: + host: multitenant.3scale.net + trafficPolicy: + tls: + mode: SIMPLE + sni: multitenant.3scale.net +---- + + You can use the `oc apply` command with either of the following methods to apply the objects: @@ -69,3 +100,4 @@ Alternatively, you can deploy an in-mesh 3scale service. To do this, change the .Additional resources * xref:../../service_mesh/v2x/ossm-traffic-manage.adoc#ossm-routing-se_routing-traffic[`ServiceEntry` documentation] +* xref:https://istio.io/v1.9/docs/reference/config/networking/destination-rule[`DestinationRule` documentation]