You would typically use annotations on a Kubernetes Ingress to set up HTTPS and a static IP with GKE. Istio sets up its own ingress load balancer, which is of type ‘Service’, but GKE is not compatible with annotations on that type.
If you are not familiar with Kubernetes, you can check out this article: https://www.padok.fr/en/blog/kubernetes-essentials-components-pods-services. If you want to test this article live, set up your own Kubernetes cluster on GKE by following this article: https://www.padok.fr/en/blog/kubernetes-google-cloud-terraform-cluster
Cert-Manager with Kubernetes and GCP
You can use cert-manager with Kubernetes to set up HTTPS. The process is fairly straightforward, and we’ll go through it here.
Set up Istio to work with cert-manager
istioctl manifest apply \
  --set values.gateways.istio-ingressgateway.sds.enabled=true \
  --set values.global.k8sIngress.enabled=true \
  --set values.global.k8sIngress.enableHttps=true \
  --set values.global.k8sIngress.gatewayName=ingressgateway
Set up the certificate. Make sure every environment variable the manifest uses (here, INGRESS_DOMAIN) is set before you run the command
cat <<EOF | kubectl apply -f -
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: ingress-cert
  namespace: istio-system
spec:
  secretName: ingress-cert
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer
  commonName: $INGRESS_DOMAIN
  dnsNames:
  - $INGRESS_DOMAIN
  acme:
    config:
    - http01:
        ingressClass: istio
      domains:
      - $INGRESS_DOMAIN
---
EOF
Done!
If you require a production-level certificate, change the issuerRef name to letsencrypt instead of letsencrypt-staging.
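The heredoc above expands $INGRESS_DOMAIN silently, so an unset or malformed value produces a Certificate with empty or invalid names. The following pre-flight wrapper is an added example, not part of the original article; the function names valid_http01_domain and render_certificate are hypothetical, and the optional second argument selects the issuer (staging by default).

```shell
# Added example, not from the article. Function names are hypothetical.
# Succeeds only if $1 is a hostname that an HTTP-01 challenge can validate.
valid_http01_domain() {
  _d=$1
  [ -n "$_d" ] || { echo "INGRESS_DOMAIN is empty or unset" >&2; return 1; }
  case $_d in
    \**) echo "wildcard names cannot be validated over HTTP-01" >&2; return 1 ;;
    *.)  echo "drop the trailing dot: $_d" >&2; return 1 ;;
    *.*) ;;
    *)   echo "not a fully qualified name: $_d" >&2; return 1 ;;
  esac
  _rest=$_d
  while [ -n "$_rest" ]; do   # walk the name one DNS label at a time
    _label=${_rest%%.*}
    case $_rest in *.*) _rest=${_rest#*.} ;; *) _rest= ;; esac
    case $_label in
      ""|-*|*-|*[!A-Za-z0-9-]*) echo "invalid label '$_label' in $_d" >&2; return 1 ;;
    esac
    [ "${#_label}" -le 63 ] || { echo "label longer than 63 characters" >&2; return 1; }
  done
}

# Prints the manifest for domain $1 with ClusterIssuer $2 (default: staging).
render_certificate() {
  valid_http01_domain "$1" || return 1
  cat <<EOF
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: ingress-cert
  namespace: istio-system
spec:
  secretName: ingress-cert
  issuerRef:
    name: ${2:-letsencrypt-staging}
    kind: ClusterIssuer
  commonName: $1
  dnsNames:
  - $1
  acme:
    config:
    - http01:
        ingressClass: istio
      domains:
      - $1
EOF
}
```

Pipe the output of render_certificate "$INGRESS_DOMAIN" into kubectl apply -f - once it prints the manifest you expect; pass letsencrypt as the second argument for the production issuer.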
For more details on this setup, see the official Istio documentation: https://istio.io/docs/tasks/traffic-management/ingress/ingress-certmgr/
And cert-manager documentation: https://docs.cert-manager.io/en/latest/
The rest of the article is available here: https://www.padok.fr/en/blog/https-istio-kubernetes