Currently Istio does not support a fully automated certificate procedure. The standard ingress does support this by means of cert-manager. Would it be possible to combine standard ingress configuration for certification management with Istio for other stuff? What are the downsides to this combination?
Istio deploys a default IngressGateway with a public IP address, which you can configure to expose applications inside your service mesh to the Internet. Istio Gateways have two key advantages over traditional Kubernetes Ingress.
Check the logs to verify that the ingress gateway agent has pushed the key/certificate pair to the ingress gateway. The log should show that the httpbin-credential secret was added. If using mutual TLS, then the httpbin-credential-cacert secret should also appear.
Istio has replaced the familiar Ingress resource with new Gateway and VirtualService resources. They work together to route all traffic into the mesh. Inside the mesh there is no need for Gateways, since services can reach each other by their cluster-local service names.
Along with support for Kubernetes Ingress, Istio offers another configuration model, Istio Gateway. A Gateway provides more extensive customization and flexibility than Ingress, and allows Istio features such as monitoring and route rules to be applied to traffic entering the cluster.
This was discussed in a blog post on Medium last fall, actually. I held onto the link because I too am interested in using nginx-ingress as the front-end, but then taking advantage of Istio "for other stuff". If it pans out for you, would love to hear.
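One way to have cert-manager supply the certificate that an Istio Gateway serves, as an added example that is not part of the original posts or of the Istio documentation quoted above. The secret name `httpbin-credential` comes from this page; the host name, resource names and the `letsencrypt-prod` ClusterIssuer are assumptions, and the issuer is assumed to exist already.

```yaml
# cert-manager writes the issued key/certificate pair into a Kubernetes secret.
# The ingress gateway only loads secrets from its own namespace.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: httpbin-cert                # assumed name
  namespace: istio-system           # namespace of the ingress gateway deployment
spec:
  secretName: httpbin-credential    # secret name used on this page
  dnsNames:
    - httpbin.example.com           # assumed host
  issuerRef:
    name: letsencrypt-prod          # assumed, pre-existing ClusterIssuer
    kind: ClusterIssuer
---
# The Gateway references the same secret by name, so renewals written by
# cert-manager are picked up by the gateway without editing this resource.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: httpbin-gateway             # assumed name
spec:
  selector:
    istio: ingressgateway           # label of the default Istio ingress gateway
  servers:
    - port:
        number: 443
        name: https
        protocol: HTTPS
      tls:
        mode: SIMPLE                # server-side TLS only
        credentialName: httpbin-credential
      hosts:
        - httpbin.example.com       # assumed host, must match dnsNames above
```

With an ACME issuer, a DNS-01 solver avoids having to route the HTTP-01 challenge through the gateway.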