I am trying to set up HTTPS with Istio Ingress Gateway. It seems there are a number of approaches that you can take.
In my demo project I have set up the demo profile of Istio (v1.5.1) with the istioctl CLI tool on GKE. As istio-ingressgateway is a LoadBalancer, I used a GKE Ingress with it. The benefit of using GKE Ingress in front of the Istio ingress-gateway is that I can now use Google Managed SSL certificates. It’s a very easy and straightforward setup. And it works fine.
My questions are:
- Is this setup recommended? In the Istio doc there is already a guide on how to use Kubernetes Ingress and Cert Manager with Istio ingress-gateway.
- Will I lose out on any of the Istio traffic routing features? Can I still use Gateway and VirtualService?
- Will the mTLS still work properly?
- Are there any security issues with this setup?
I am new to these topics and would really appreciate your opinions and suggestions.