I’m considering Istio ingress gateways to replace K8s’ native ingress resources, but I find challenges in an environment where end users cannot expose their own ingress gateway with a service of type load balancer (on-prem with F5 load balancers not implementing the service type lb). Allow me to elaborate.
The current environment uses shared nginx ingress controllers, and these are externally exposed using an admin-managed F5 vserver custom resource definition. Users can create ingress resources with TLS certificates stored in secrets in their user namespace with no access to the ingress controller namespace.
Going with Istio ingress gateways, I don’t see how to achieve the same functionality because:
- They have no access to the shared ingress gateway namespace to create secrets (istio-system)
- With their own ingress gateway in their namespace, they have no ability to expose it externally
I was wondering if anyone else had the same problem with a possible alternative.