
Using default SSL certificate in Istio ingress gateway in GKE

We are using GKE with managed Istio. We need to configure HTTPS ingress access to a list of HTTP services.

With the default Istio installation on GKE, I do see the following two directories in the ingressgateway pod:

ingressgateway-ca-certs
ingressgateway-certs

But I am unable to see the certificate and the key files in there. I am not sure if I am missing anything.

I also see the certificate when I run the following:

kubectl get secret istio-ca-secret --namespace istio-system -o yaml

Do we have to explicitly install new certificates to enable HTTPS ingress or is there a way to use the one created by Istio/GKE by default?

You can set a custom SSL certificate on a custom Istio Ingress Gateway:

https://istio.io/blog/2019/custom-ingress-gateway

For a GKE managed Istio the changes could be reverted back to the default values during the automatic upgrade. But you can create a new ingress gateway:

https://cloud.google.com/istio/docs/istio-on-gke/installing#adding_gateways
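
An added example, not part of the original answer or of the Istio/GKE documentation: a Gateway that terminates HTTPS on an additional ingress gateway with your own certificate, plus a VirtualService that forwards to a plain-HTTP backend. The resource names, host, backend service and the `istio: custom-ingressgateway` selector label are assumptions, and the file paths assume the gateway deployment mounts its TLS secret at `/etc/istio/ingressgateway-certs`, the directory seen in the question.

```yaml
# Added example; values marked "assumed" are placeholders, not values from the page.
# Prerequisite: store your own certificate and key in the TLS secret that the
# gateway deployment mounts, for example:
#   kubectl create -n istio-system secret tls istio-ingressgateway-certs \
#     --key example.com.key --cert example.com.crt
# For an additional gateway, use whatever secret name its deployment mounts.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: https-gateway              # assumed name
  namespace: istio-system
spec:
  selector:
    istio: custom-ingressgateway   # assumed label on the additional gateway's pods
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE                 # one-way TLS: the gateway presents the server cert
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      privateKey: /etc/istio/ingressgateway-certs/tls.key
    hosts:
    - "app.example.com"            # assumed host
---
# Route the decrypted traffic to a plain-HTTP service inside the mesh.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: app-https                  # assumed name
  namespace: istio-system
spec:
  hosts:
  - "app.example.com"
  gateways:
  - https-gateway
  http:
  - route:
    - destination:
        host: app.default.svc.cluster.local   # assumed backend service
        port:
          number: 80
```

In a standard Istio install the gateway's certificate secret is an optional volume mount, so the `ingressgateway-certs` directory stays empty until that secret is created.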
