Configuring Gateway

Gateway provides route forwarding, and security management. Gateway can be used to manage request forwarding under the Dev Portal and App Portal domains and segregate management of service-level route configuration.

When the gateway receives access traffic, it determines whether it matches and decides on subsequent request forwarding based on the configured route rules.

This article describes how application developers can configure a Gateway for applications.

Creating Route Rules

Prerequisites

Before creating a new route rule, you need to create an application and configure basic information. For detailed steps, see Managing Applications

Configuring Route Rule Basic Information

Create a new route configuration for the application by following these steps.

  1. In the project list, click a project name to enter the project space.

  2. In the left navigation bar, select Gateway > Route.

  3. Click New Route and in the Basic Information field, complete the basic configuration information for the route.

    • Application:From the list of created applications, select to create a route for the target application.

    • Environment:Select application environment.

    • Cluster:Select the cluster in which to deploy the application.

    • Name:Enter the route name, using the application name as a fixed prefix, the route name cannot be repeated.

    • Description:Enter a description of the information about this route.

  4. Click Next Step and fill in the API Request configuration information.

    • Request Protocol:Select the request protocol that the route rule needs to match. Support http and https (multiple options available).

    • Request Host:Select the request host that the route rule needs to match. Support Dev Portal, App Portal, ECP and DOCS.

    • Request Path:Enter the API request path that the route rule needs to match

    • Strip Path:Enabled means that when forwarding to the backend, the prefix matching the request path is removed, e.g. the request path is /app/demo, when requesting /app/demo/param it will change to /param route to the backend service, which is disabled by default.

  5. Click Next Step to fill in the backend service configuration information.

    • Service Source:Select the source of the target service to which the route rule is directed. If the default is to use Kubernetes Service as the target service, continue to select the Service resource corresponding to the application. You can also use an external service as the target service source, and the full service address must be entered.

    • Service Protocol:The Service protocol provided by the service when the service source is a Kubernetes Service.

    • Service:The Service resource to which the application belongs. If the application does not have a Service configured, it must be created first.

    • Service Port:The accessible port configured in the Service resource to which the application belongs.

    • Service Request Path:The path to request the backend service.

    • Advanced Settings

      • Connect Timeout:The maximum wait time for establishing a connection when requesting a backend service.

      • Read Timeout:The maximum wait time for reading data when requesting backend services.

      • Write Timeout:The maximum wait time for writing data when requesting backend services.

      • Retries:The number of automatic retries after request timeout.

  6. Click Complete to finish creating the new route.

Batch operation route rules

When an application is published to a new environment, application-related route rules can be created through the export/import feature of the batch operation.

Export Route Rules

  1. In the project list, click a project name to enter the project space.

  2. In the left navigation bar, select Gateway > Route.

  3. Click Batch Operations > Export and select the application and environment and cluster to be exported.

  4. Click OK to download the file. The export file is in yaml format and contains Kubernetes resources for all routes under the application.

Import Route Rules

  1. In the project list, click a project name to enter the project space.

  2. In the left navigation bar, select Gateway > Route.

  3. Click Batch Operations > Import, select the environment and cluster to import, and upload the yaml format file.

  4. Click OK to display the import results when the import is complete. If a route already exists in the import file, it will be overwritten and updated.

Configuring Route Rules

The route details page can be used for route rule authentication, traffic control and request log.

Authentication

Cloud IAM and ECP IAM authentication is currently supported: When this authentication method is configured, when the gateway receives a request that matches the route rules, it will intercept the request and issue authentication to Cloud IAM or ECP IAM to determine if the user identity in the request is valid. If the authentication does not pass, the gateway returns directly and does not continue the request to the back-end service.

Note

Authentication waiver can be set for some specific request paths that match the route rules.

Traffic Control

The maximum number of route requests can be set, and requests will be rejected if the request frequency is exceeded. Support the number of requests per second setting.

Request Log

Support for developing logging request logs based on request method, additional configuration of logging-free path list for request paths that do not need to be logged.

After opening the request, queries can be made based on the request time, request user name and request path keywords.

Note

Request path keywords: The log storage component will index the paths by word, for example, if the path is /demo/index-app, you can try to enter demo, index, app to search.

Log queries are also no longer available after the request logging configuration is turned off.