Istio 1.1 / Cert--manager and multiple SSL certs

#1

I’m reading through 1.1 docs on the cert-manager integration: https://istio.io/docs/examples/advanced-gateways/ingress-certmgr/

One thing that isn’t clear: Can this support multiple SSL certs / hosts on the same gateway? For example, if I want certs issued for both foo.bar.com and foo.acme.com.

The certificate request secretName looks like a one to one mapping to the credentialName in the gateway. That seems to imply that you can not map multiple certs / hostnames?

Thanks

1 Like

#2

I think you can use multiple server entries with different credentials in single gateway. Example

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
  namespace: some-config-namespace
spec:
  selector:
    app: my-gateway-controller
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - foo.bar.com
    tls:
      credentialName: ingress-cert-staging
      privateKey": sds
      serverCertificate": sds
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - foo.acme.com
    tls:
      credentialName: ingress-cert-prod
      privateKey": sds
      serverCertificate": sds
0 Likes