Chapter 6. Create your Gateway instance

Procedure

1. Enter the following command to create the Gateway:

   kubectl apply -f - <<EOF
   apiVersion: gateway.networking.k8s.io/v1
   kind: Gateway
   metadata:
     name: ${KUADRANT_GATEWAY_NAME}
     namespace: ${KUADRANT_GATEWAY_NS}
     labels:
       kuadrant.io/gateway: "true"
   spec:
       gatewayClassName: istio
       listeners:
       - allowedRoutes:
           namespaces:
             from: All
         hostname: "api.${KUADRANT_ZONE_ROOT_DOMAIN}"
         name: api
         port: 443
         protocol: HTTPS
         tls:
           certificateRefs:
           - group: ""
             kind: Secret
             name: api-${KUADRANT_GATEWAY_NAME}-tls
           mode: Terminate
   EOF

   Copy to Clipboard Toggle word wrap

2. Check the status of your Gateway as follows:

   kubectl get gateway ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o=jsonpath='{.status.conditions[?(@.type=="Accepted")].message}{"\n"}{.status.conditions[?(@.type=="Programmed")].message}'

   Copy to Clipboard Toggle word wrap

   Your Gateway should be Accepted and Programmed, which means that it is valid and assigned an external address.

3. Check the status of your HTTPS listener as follows:

   kubectl get gateway ${KUADRANT_GATEWAY_NAME} -n ${KUADRANT_GATEWAY_NS} -o=jsonpath='{.status.listeners[0].conditions[?(@.type=="Programmed")].message}'

   Copy to Clipboard Toggle word wrap

   You will see that the HTTPS listener is not yet programmed or ready to accept traffic due to bad TLS configuration. Connectivity Link can help with this by using a TLSPolicy, which is described in the next step.