Hello,
I see that istio created ‘kubernetes’ service in default namespace which leads to kube-apiserver(port 6443).
Does anyone figured out how to secure this service with SSL certificate using cert-manager? I would be grateful for any help.
Hello,
I see that istio created ‘kubernetes’ service in default namespace which leads to kube-apiserver(port 6443).
Does anyone figured out how to secure this service with SSL certificate using cert-manager? I would be grateful for any help.
Istio doesn’t create that service. Kubernetes itself always creates a kubernetes
service in each namespace that can reach the API Server.
yeah, You’re right, sorry.
but still, in this case it’s not relevant what created this service
Maybe I’m not understanding your question, but I think using Istio and cert-manager in that way would be a layering violation. Istio itself depends on the Kubernetes API Server to be up and secured with TLS, meaning you can’t depend on Istio to provide that TLS security.