DEV Community

Benjamin Sanvoisin
Benjamin Sanvoisin

Posted on • Originally published at

How to set up HTTPS with Istio and Kubernetes on GKE

You would typically use annotations on Kubernetes ingress to set up HTTPS and static IP with GKE. Istio set up its own ingress load balancer which is of type ‘Service’ but GKE is not compatible with annotations of that type.
If you are not familiar with Kubernetes you can check out this article : or if you want to live test this article setup your own Kubernetes cluster on GKE by following this article :

Cert-Manager with Kubernetes and GCP
You can use cert-manager with Kubernetes to set up HTTPS, the process is fairly straightforward. We’ll go through setting it up.
Setup Istio to work with cert-manager

istioctl manifest apply \
  --set values.gateways.istio-ingressgateway.sds.enabled=true \
  --set \
  --set \

Setup certificate, make sure to set all env variables

cat <<EOF | kubectl apply -f -
kind: Certificate
  name: ingress-cert
  namespace: istio-system
  secretName: ingress-cert
    name: letsencrypt-staging
    kind: ClusterIssuer
  commonName: $INGRESS_DOMAIN
    - http01:
        ingressClass: istio


If you require a production level certificate you can change the issuerRef name to letsencrypt instead of letsencrypt-staging
For more details on this setup you can go see their official documentation:
And cert-manager documentation:

The rest of the article is avaible here :

Top comments (0)