Istio Ingress with cert-manager
Question
I have Kubernetes with Kafka where is also running Istio with Strimzi. Certificates are stored in cert-manager. I want to use TLS passthrough in my ingress but I am a little bit confused of that.
When SIMPLE is used, there is credentialName , which must be the same as secret.
tls:
mode: SIMPLE
credentialName: httpbin-credential
It is nice and simple way. But how about mode: PASSTHROUGH when I have many hosts? I studied demo on istio web ( https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/#deploy-an-nginx-server ) and their certificate details are stored in server configuration file and they are creating configmap . In official Istio documentation is noted that this parameter is only for MUTUAL and SIMPLE .
What is correct and simple way to expose my hosts using istio ingress to external traffic using cert-manager?
1 answers
solution1
0 2021-12-08 02:44:29
The difference between SIMPLE & PASSTHROUGH is:
- SIMPLE TLS instructs the gateway to pass the ingress traffic by terminating TLS.
- PASSTHROUGH TLS instructs the gateway to pass the ingress traffic AS IS, without terminating TLS.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.