How to setup SSL cert using istio with AWS EKS

Hi Team,

We are using AWS EKS to deploy our k8 applications and we installed istio in it.
By default when AWS EKS is created we get AWS classic load balancer we attached wild card certificate to it.

so if am exposing my k8 service of type clusterIP and i want to attach different certificate for few k8 services how i can override the loadbalacer one i tried adding certificate to gateway using credentialName but its not working.

i tried the approach defined in this documentation but its not working -> https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/#configure-traffic-for-the-bookinfo-com-host

Let me know is there any other way to manage different certificates.

The guide you referred to is for services exposed through Ingress gateway to use different certs. Is that your use case? @JimmyChen

I’m just trying to add more details what was mentioned above. We work on similar usecase.
We are using AWS EKS to deploy our k8 applications with istio for orchestration.
As a part of EKS creation, the load balancer created is a classic load balancer.For SSL termination at Load balancer, wild card certificate is attached to it common for all applications as the CLB supports only one certificate.

If i have to expose K8 service using type Cluster IP with a different domain than the load balancer certificate, how can i override it? I tried calling the ARN of certificate from ACM and passed it while creating gateway and also tried the approach of using secrets.But none of them worked.

Please help on how to manage secured calls using istio and passing the cert details in gateway and not in services.

yes @liminwang can you please share us if you have any usecase with AWS cloud