Team,
if we are using AWS CLB(classic load balancer) as istio ingress gateway we are unable to attach multiple SSL certs.
we are using below url to create AWS CLB ingress gateway.
URL: https://istio.io/latest/docs/setup/install/istioctl/
so is there any way we can create AWS application load balancer where we can add multiple certs or if there is any other use case how we can attach multiple certs please share us reference urls which will help us to implement.
You are relying on istio to create the AWS load balancer? and you want to terminate SSL at said AWS load balancer? You can always disable Istio from creating it and setup the AWS LB yourself unless i am understanding incorrectly?
thanks alot @nick_tetrate for responding.
currently we create ingress gateway using istio it creates AWS classic load balancer which has limitation for multiple certs.
we are creating ingress gateway using istio so that we can use istio features to route traffic to all the k8 services exposed via cluster IP which is gr8 feature and which will avoid to create new Load balancer for each k8 service and reduce cloud cost.
so if we disable istio then we need to expose all our k8 service as load balancer type which we dont want to create unless we have some technical blocker with istio or if you have any other way to achieve this usecase where we can have one LB please let us know.
I was not suggesting that you disable istio. Just dont have istio create the AWS load balancer and set one up outside of the istio setup process. Another alternative is to not terminate SSL at the ELB and instead host multiple certificates on the istio ingress gateway.
@nick_tetrate i need usecase using istio in AWS EKS and managing multiple certs.
if we create ingress gateway using istio with AWS cloud provider(https://istio.io/latest/docs/setup/install/istioctl/) it creates AWS classic load balancer where we open http/https ports and a certificate is attached to https.
but when we want to use different certificate with istio credential name its not working its still taking the certificate attached to AWS classic load balancer https port.
@anilcs0405 if you have any usecase as per above conservation can you please share.