Managing Ingress Gateway Route Tables with kubectl
kubectl command you can create, update, move, list, view,
and delete an ingress gateway route table. The following topics detail how to manage these
Required IAM Policy for Ingress Gateway Route Table
To use an ingress gateway route table, an administrator must grant you the required type of access in a policy (IAM). Whether you're using the Console, the REST API with an SDK, the CLI, Kubernetes
kubectl, or other tool, the correct permissions are required.
When an action produces a permission denied or unauthorized message, confirm a couple of settings with your administrator. The administrator must ensure that the correct type of access is granted and the correct compartment is specified.
For example, to allow users in the group
MeshAdmins to create, update, and delete all ingress route tables in the compartment
Allow group MeshAdmins to manage mesh-ingress-gateway-route-tables in compartment sales-app
For Service Mesh IAM policy reference details for each resource, see: Service Mesh IAM Policies.
For a step-by-step guide to set up all the required IAM policies for a Service Mesh, see: Set up Policies required for Service Mesh
View Kubernetes Configuration Options for Ingress Gateway Route Tables
You can view the Kubernetes CLI ingress gateway route table YAML configuration options by displaying the Custom Resource Definition (CRD). Use the following command:
kubectl describe crd ingressgatewayroutetables.servicemesh.oci.oracle.com
In the CRD, you see the fields used in a YAML configuration file under
spec:schema:openAPIV3Schema:properties:spec. CRD output also
includes information about field types, ranges, and limits. The following section
provides an example of a YAML configuration file.
Create, Update, or Move an Ingress Gateway Route Table
To create an ingress gateway route table, use the
command. For example:
kubectl apply -f ingress-gateway-rt.yaml
The following is the sample
yaml configuration file used to create
an ingress gateway route table:
apiVersion: servicemesh.oci.oracle.com/v1beta1 kind: IngressGatewayRouteTable metadata: name: <sample-ingress-gateway>-route-table # Name of Ingress Gateway Route Table namespace: <sample-namespace> spec: compartmentId: ocid1.compartment.oc1..aaa... name: <sample-ig-rt> # Ingress Gateway Route Table name inside the mesh description: This Ingress Gateway Route Table ingressGateway: ref: name: <sample-ingress-gateway> routeRules: - httpRoute: ingressGatewayHost: name: samplehost path: /foo pathType: PREFIX isGrpc: false destinations: - virtualService: ref: name: <vs-sample-page>
- Change the configuration file as needed.
- Save the file.
- Run the
- Update the compartment OCID to the value of the target compartment.
- Save the file.
- Run the
Get a List of Ingress Gateway Route Tables
To get a list of ingress gateway route tables in your namespace, use the following command:
kubectl get ingressgatewayroutetables -n <namespace>
View an Ingress Gateway Route Table
To view the details of a specific ingress gateway route table in your namespace, use the following command:
kubectl describe ingressgatewayroutetable <name> -n <namespace>
Delete an Ingress Gateway Route Table
To delete of a specific ingress gateway route table in your namespace, use the following command:
kubectl delete ingressgatewayroutetable <name> -n <namespace>