I am trying to pass mTLS certs to istio ingress gateway via files and not via secrets. Vault init-container will store certs at
/etc/istio/ingressgateway-certs/tls.key
/etc/istio/ingressgateway-certs/tls.cert
/etc/istio/ingressgateway-ca-certs/ca-chain.cert.pem
So I'm trying to remove the ‘secret’ element via a patch like this:
- path: spec.template.spec.volumes[name:ingressgateway-ca-certs].emptyDir
  value: {}
- path: spec.template.spec.volumes[name:ingressgateway-certs].emptyDir
  value: {}
- path: spec.template.spec.volumes[name:ingressgateway-certs].secret
- path: spec.template.spec.volumes[name:ingressgateway-certs].secret.secretName
- path: spec.template.spec.volumes[name:ingressgateway-ca-certs].secret.secretName
- path: spec.template.spec.volumes[name:ingressgateway-ca-certs].secret
but it is not working. Doc says, “For delete, value should be unset.”
https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#K8sObjectOverlay-PathValue
The istioctl manifest generate command still includes the secret section. I also tried setting the value to “unset” but (as expected) ended up using unset as the literal value for the secret name. Any pointers are appreciated.