istio tls ingress

ISTIO_SECURE_INGRESS_NOTES.MD

1. Generate TLS assets (openssl):

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls.key -out /tmp/tls.crt -subj "/CN=foo.bar.com"

2. Create a secret object that uses the TLS assets. Note: The name must be istio-ingress-certs:

$ kubectl create -n istio-system secret tls istio-ingress-certs --key /tmp/tls.key --cert /tmp/tls.crt

3. Add thw following for the tls: field of the Ingress object spec:

secretName: istio-ingress-certs # currently ignored

secure_ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: secure-ingress
  annotations:
    kubernetes.io/ingress.class: istio
spec:
  tls:
    - secretName: istio-ingress-certs # currently ignored
  rules:
  - http:
      paths:
      - path: /status/.*
        backend:
          serviceName: httpbin
          servicePort: 8000
      - path: /delay/.*
        backend:
          serviceName: httpbin
          servicePort: 8000