Secure kube-apiserver with ssl certificate using cert-manager


I see that istio created ‘kubernetes’ service in default namespace which leads to kube-apiserver(port 6443).

Does anyone figured out how to secure this service with SSL certificate using cert-manager? I would be grateful for any help.

Istio doesn’t create that service. Kubernetes itself always creates a kubernetes service in each namespace that can reach the API Server.

yeah, You’re right, sorry.

but still, in this case it’s not relevant what created this service :wink:

Maybe I’m not understanding your question, but I think using Istio and cert-manager in that way would be a layering violation. Istio itself depends on the Kubernetes API Server to be up and secured with TLS, meaning you can’t depend on Istio to provide that TLS security.