Istio Gateway with CertManager and Let's Encrypt

The documentation has a sample for setting up K8s Ingress type with CertManager & LetsEncrypt:

Is there similar sample to get this up and going with Gateway&VirtualService

1 Like

The steps to secure an ingress gateway are provided in https://istio.io/docs/tasks/traffic-management/secure-ingress/

In your scenario cert-manager would provision and manage a Secret that will be referenced by the Gateway either via SDS or filemount.
The Server.TLSOption.credentialName is used to reference the cert-manager generated secret in the same namespace as the ingress gateway, if SDS is enabled. Essentially the cert managers Certificate.secretRef key should match the ingress gateway credentialName.

If using the filemount (SDS disabled) approach the secret generated by cert-manager will need to be mounted to the Ingress gateway, which requires a restart everytime the Secret is rotated or changed.

Hope that helps.