on my new created GKE cluster I wanted to try the pre-installed Istio as addon. But it looks like I can’t get SDS running with this type of Istio installation.
Based on this documenation, I wanted to use the Cert-Manager and SDS. https://istio.io/docs/tasks/traffic-management/ingress/ingress-certmgr/
So I did the first step and expected to have the nodeagent running afterwards to deliver the certificates via sds. But there is no nodeagent in my istio-system namesapce.
$ istioctl manifest apply \ --set values.gateways.istio-ingressgateway.sds.enabled=true \ --set values.global.k8sIngress.enabled=true \ --set values.global.k8sIngress.enableHttps=true \ --set values.global.k8sIngress.gatewayName=ingressgateway
So here are a few questions:
- Is SDS somehow not usable when installing Istio via GKE addon?
- Do I need the sidecar container (injection) to make use of sds?
- Can I uninstall the GKE addon and preserve all settings from Istio (installing it via helm before/afterwards)? I don’t want my IP address to be changed.