Gateway Settings Tab
The Gateway Settings tab of the Gateway/Load Balancer screen (see The Gateway/Load Balancer Screen) allows you to specify a port mapping range for use with Gateway hosts (see Gateway Hosts) and to configure Gateway host SSL termination for non-secure (HTTP) cluster services running in pods.
This tab has the following functions:
- Port Mapping Range: The Port Mapping Range fields allow you specify a
custom range of ports to use for accessing services via Gateway hosts when using a
private, non-routable network. These ports must be reserved for exclusive use by the
deployment. The maximum allowable port range is 10000-50000. When working with port
ranges:
- To add a port range, click the Add icon (plus sign) next to a port range.
- To remove a port range, click the Remove icon (minus sign) next to the port range you with to remove.
- To assign a single port, enter the same number in the start and end fields. For example, to reserve port 10100, then enter 10100 twice, as shown above.
- Port ranges must be non-contiguous. For example, if you add ports 20000 to 20500 in one range and then add ports 20501 to 21000 in another range, then these ranges will be combined into a single range that consists of ports 20000-21000.
- Any range that overlaps with an existing range will be ignored. In the above example, if you add the range 20400-25000, then that range will not be added, nor will it add ports 21001-25000 to the range 20000-21000.
NOTE
You must remove all Kubernetesclusters before modifying the port range settings. - SSL Termination: Checking this check box configures the Gateway hosts to provide SSL termination for non-secure (HTTP) cluster services running in virtual nodes (containers).
- SSL Certificate File: When the SSL Termination check box is checked, this field allows you to specify an HTTPS certificate file. Clicking the Browse button allows you to navigate to and select a new or replacement certificate. This may be a self-signed certificate, if desired; however, this may trigger HTTPS warnings in your web browser.
NOTE
Encrypted (password-protected) certificates or keypairs for SSL
termination are not supported. SSL termination will fail if you add
an encrypted certificate.
- SSL Key File: When the SSL Termination check box is checked, this field allows you to specify an RSA private key file. Clicking the Browse button allows you to navigate to and select a new or replacement RSA key file.
Click the Submit button when you have finished making changes to the gateway settings.
NOTE
Gateway hosts will perform SSL tunneling (as opposed to SSL
termination) for cluster services that have explicit HTTPS
endpoints.