Using default SSL certificate in Istio ingress gateway in GKE

10/6/2019

We are using GKE with managed Istio. We need to configure HTTPS ingress access to a list of HTTP services.

With the default Istio installation on GKE, I do see the following two directories in the ingressgateway pod:

ingressgateway-ca-certs
ingressgateway-certs

But I am unable to see the certificate and the key files in there. I am not sure if I am missing anything.

I also see the certificate when I run the following:

kubectl get secret istio-ca-secret --namespace istio-system -o yaml

Do we have to explicitly install new certificates to enable HTTPS ingress or is there a way to use the one created by Istio/GKE by default?

-- user3621732
google-kubernetes-engine
istio
ssl

1 Answer

10/9/2019

You can set a custom SSL certificate on a custom Istio Ingress Gateway:

https://istio.io/blog/2019/custom-ingress-gateway

For a GKE-managed Istio, the changes could be reverted back to the default values during the automatic upgrade. But you can create a new ingress gateway:

https://cloud.google.com/istio/docs/istio-on-gke/installing#adding_gateways

-- Toni
Source: StackOverflow
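
An added example, not part of the original question or answer: a Gateway and VirtualService that terminate HTTPS at an ingress gateway and forward plain HTTP to a backend, using the file-mounted secret behind the `ingressgateway-certs` directory mentioned in the question. It assumes the gateway deployment mounts a secret named `istio-ingressgateway-certs` at `/etc/istio/ingressgateway-certs`, as the stock Istio ingress gateway of that period does; the host name, resource names, selector label and backend service are hypothetical.

```yaml
# Added example; names marked "hypothetical" are assumptions, not from the thread.
# The mount directory stays empty until the secret exists. Create it once from
# your own certificate and key (file names are placeholders):
#   kubectl create -n istio-system secret tls istio-ingressgateway-certs \
#     --key app.example.com.key --cert app.example.com.crt
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: https-gateway              # hypothetical
  namespace: default
spec:
  selector:
    istio: ingressgateway          # replace with the label of your added gateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE                 # server-side TLS only, no client certificates
      minProtocolVersion: TLSV1_2  # refuse TLS 1.0/1.1 handshakes
      # A kubernetes.io/tls secret exposes exactly these two file names.
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      privateKey: /etc/istio/ingressgateway-certs/tls.key
    hosts:
    - "app.example.com"            # hypothetical host
  - port:
      number: 80
      name: http
      protocol: HTTP
    tls:
      httpsRedirect: true          # answer plain HTTP with a 301 to HTTPS
    hosts:
    - "app.example.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: app-routes                 # hypothetical
  namespace: default
spec:
  hosts:
  - "app.example.com"
  gateways:
  - https-gateway
  http:
  - route:
    - destination:
        host: app-service          # hypothetical HTTP backend Service
        port:
          number: 8080
```

After applying, `kubectl exec` into the gateway pod and list `/etc/istio/ingressgateway-certs` to confirm `tls.crt` and `tls.key` are present before testing the listener.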