I did make a little progress yesterday using this link
With this I succeeded in creating a secret in the istio-system namespace with a wildcard certificate that will work for many of my workloads. I then have to add the following section to each Gateway definition
On this page
I see an example of referencing a TLS secret, which is very similar to how the Ingress does it. It looks like this in the Gateway
credentialName: bookinfo-secret # fetches certs from Kubernetes secret
I would expect the secret to be defined in the same namespace as the Gateway resource, but it didn’t work when I tried it. I then tried adding a secret to the istio-system namespace, but that didn’t work either.
Is this a currently working feature? If so, how can I use it? I just found and will look at this link next: