Bookinfo with HTTPS

bookinfo-gateway.yaml

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: bookinfo-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      privateKey: /etc/istio/ingressgateway-certs/tls.key
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: bookinfo
spec:
  hosts:
  - "*"
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - uri:
        exact: /productpage
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        port:
          number: 9080

The following steps were conducted with Istio release 0.8.0 on IBM Cloud Kubernetes Service:

• Install Istio:

helm install install/kubernetes/helm/istio --name istio --namespace istio-system

• Enable automatic sidecar injector on the default namespace:

kubectl label namespace default istio-injection=enabled

• Install Bookinfo sample:

kubectl create -f samples/bookinfo/kube/bookinfo.yaml

• Download the attached YAML and deploy it:

bin/istioctl create -f bookinfo-gateway.yaml

• Create the ingressgateway secret:

openssl req -x509 -days 365 -newkey rsa:2048 -keyout tls_.key -out tls.crt -subj "/CN=bookinfo.example.com"
openssl rsa -in tls_.key -out tls.key
kubectl create -n istio-system secret tls istio-ingressgateway-certs --key ./tls.key --cert ./tls.crt
``
- Get the external IP of the IngressGateway:
```sh
kubectl get svc -n istio-system

• Curl / use browser to access the Bookinfo webpage:

curl -k -I https://<INGRESSGATEWAY_IP>/productpage