[英]Using default SSL certificate in Istio ingress gateway in GKE
We are using GKE with managed Istio.我们将 GKE 与托管 Istio 一起使用。 We need to configure HTTPS ingress access to a list of HTTP services.
我们需要配置 HTTPS 入口访问 HTTP 服务列表。
With the default Istio installation on GKE, I do see following two directories in the ingressgateway pod:在 GKE 上默认安装 Istio 后,我确实在 ingressgateway pod 中看到了以下两个目录:
ingressgateway-ca-certs
ingressgateway-certs
But I am unable to see the certificate and the key files in there.但我无法在其中看到证书和密钥文件。 I am not sure if I am missing anything.
我不确定我是否遗漏了什么。
I also see the certificate when I run following:当我运行以下命令时,我也会看到证书:
kubectl get secret istio-ca-secret --namespace istio-system -o yaml
Do we have to explicitly install new certificates to enable HTTPS ingress or is there a way to use the one created by Istio/GKE by default?我们是否必须显式安装新证书以启用 HTTPS 入口,或者有没有办法使用默认情况下由 Istio/GKE 创建的证书?
You can set a custom SSL certificate a custom Istio Ingress Gateway:您可以将自定义 SSL 证书设置为自定义 Istio Ingress Gateway:
https://istio.io/blog/2019/custom-ingress-gateway https://istio.io/blog/2019/custom-ingress-gateway
For a GKE managed Istio the changes could be reverted back to the default values during the automatic upgrade.对于 GKE 管理的 Istio,可以在自动升级期间将更改恢复为默认值。 But you can create a new ingress gateway:
但是您可以创建一个新的入口网关:
https://cloud.google.com/istio/docs/istio-on-gke/installing#adding_gateways https://cloud.google.com/istio/docs/istio-on-gke/installing#adding_gateways
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.