Using Gateway + VirtualService + http01 + SDS

In the document there is an example about Securing Kubernetes Ingress with Cert-Manager which is not using Gateway + VirtualService. I have tried to make it work with acme http01 but the certificate can not be issued as in log challenge I have 404 error. Is there any example that I can follow with the specifications I mentioned?

I want to use Istio Gateway with SDS option for TLS and secure that by using cert-manager with http-01.

According to the documentation I found some example like Securing Kubernetes Ingress with Cert-Manager or Deploy a Custom Ingress Gateway Using Cert-Manager. However these examples are using Kuberenetes Ingress resource itself (Not istio gateway) or like the second example is using dns-01 .

I need an instruction which including Istio Gateway with SDS option for TLS and secure that by using cert-manager with http-01. Istio gateway give me ability to use VirtualService .

I have done like editing istio-autogenerated-k8s-ingress. I deleted TLS and HTTPS part of this filem so the cert-manager can issue certificate. And I created another Gateway with TLS and HTTPS options and everything is working well.
However is not clear to me why I can not only make my gateway to issue certificate by cert-manager and also use VirtualService refer to that Gateway!

4 Likes

@JimmyChen any insights about this?

2 Likes