So I have a cluster with Istio/SDS + cert-manager via Let’s Encrypt up and running. I didn’t figure out how to deploy the certs automatically though. Via the Kubernetes Ingress I could have something like this:
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: http-svc
  namespace: web-svc
  annotations:
    certmanager.k8s.io/cluster-issuer: selfsigning-issuer # just for testing
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/session-cookie-name: "route"
    nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"
spec:
  tls:
  - hosts:
    - http-svc.poc.lan
    secretName: cert-http-svc.poc.lan
  rules:
  - host: http-svc.poc.lan
    http:
      paths:
      - path: /
        backend:
          # This assumes http-svc exists and routes to healthy endpoints
          serviceName: http-svc
          servicePort: 80
```
and the cert would automatically be deployed/managed via cert-manager. How can I achieve this with Istio?