I’m reading through 1.1 docs on the cert-manager integration: https://istio.io/docs/examples/advanced-gateways/ingress-certmgr/
One thing that isn’t clear: Can this support multiple SSL certs / hosts on the same gateway? For example, if I want certs issued for both foo.bar.com and foo.acme.com.
The certificate request secretName looks like a one to one mapping to the credentialName in the gateway. That seems to imply that you can not map multiple certs / hostnames?
Thanks
I think you can use multiple server entries with different credentials in single gateway. Example
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: my-gateway
namespace: some-config-namespace
spec:
selector:
app: my-gateway-controller
servers:
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- foo.bar.com
tls:
credentialName: ingress-cert-staging
privateKey": sds
serverCertificate": sds
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- foo.acme.com
tls:
credentialName: ingress-cert-prod
privateKey": sds
serverCertificate": sds按照示例进行配置,foo.acme.com 会应用foo.bar.com的证书。
Hi there,
does anybody know if using just one istio gateway for multiple names has any performance or security issues?
I am currently using istio1.1.6