The following guides cover security configuration settings for Gloo such as TLS.
- Setting up Server TLS
- Configure CORS
- Integrating Gloo and Let's Encrypt with cert-manager
Understanding how to set up TLS for Gloo
Understanding CORS Cross-Origin Resource Sharing (CORS) is a method of enforcing client-side access controls on resources by specifying external domains that are able to access certain or all routes of your domain. Browsers use the presence of HTTP headers to determine if a response from a different origin is allowed. It is a mechanism which aims to allow requests made on behalf of you and at the same time block requests made by rogue JS.
This document shows how to secure your ingress traffic using gloo and cert-manager. We will deploy everything to minikube. With minor adjustments can be applied to any Kubernetes cluster. Pre-requisites A DNS that your control and supported by cert-manager. In this example we used ‘test.solo.io’ domain that’s managed by AWS Route53. Kubernets cluster (this document was test with minikube and linux, other OSes\clusters should work with proper adjustments). Setup Setup your DNS In this example we used the domain name ‘test.