Deploy a Custom Ingress Gateway Using Cert-Manager
Describes how to deploy a custom ingress gateway using cert-manager manually.
This post provides instructions to manually create a custom ingress gateway with automatic provisioning of certificates based on cert-manager.
Creating a custom ingress gateway lets you use a different load balancer in order to isolate traffic.
Before you begin
- Set up Istio by following the instructions in the Installation guide.
- Set up cert-manager with its Helm chart.
- We will use demo.mydemo.com for our example; it must be resolvable through your DNS.
Configuring the custom ingress gateway
Check if cert-manager was installed using Helm with the following command:
The output should be similar to the example below and show cert-manager with a STATUS of DEPLOYED:
To create the cluster’s issuer, apply the following configuration:
If you use the route53 provider, you must provide a secret to perform DNS ACME Validation. To create the secret, apply the following configuration file:
Create your own certificate:
Make a note of the value of secretName since a future step requires it.
To scale automatically, declare a new horizontal pod autoscaler with the following configuration:
Apply your deployment with the declaration provided in the YAML definition:
Create your service:
Create your Istio custom gateway configuration object:
Link your istio-custom-gateway with your VirtualService:
The server returns the correct certificate and it is successfully verified (SSL certificate verify ok is printed):
Congratulations! You can now use your custom istio-custom-gateway gateway configuration object.
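One way to check, before applying the manifests, that the gateway points at the secretName noted in the certificate step and that its hosts are covered by the certificate. This is an added example, not part of the original post. It assumes the Gateway references the secret through tls.credentialName (a gateway that mounts the secret as files needs the deployment's volume checked instead); the secret name demo-gateway-tls and the helper names are hypothetical.

```python
# Added example: manifest values are constructed samples, not the post's own.

def host_covered(host, dns_names):
    """True if a Gateway host is covered by one of the certificate's dnsNames."""
    host = host.split("/", 1)[-1].lower()  # drop an optional "namespace/" prefix
    for name in (n.lower() for n in dns_names):
        if name == host:
            return True
        # A wildcard dnsName covers exactly one additional left-most label.
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def check(certificate, gateway):
    """Return findings; an empty list means the Gateway matches the Certificate."""
    findings = []
    secret = certificate["spec"]["secretName"]
    dns_names = certificate["spec"].get("dnsNames", [])
    for server in gateway["spec"]["servers"]:
        if server["port"]["protocol"] != "HTTPS":
            continue  # only HTTPS servers present the certificate
        port = server["port"]["number"]
        credential = server.get("tls", {}).get("credentialName")
        if credential != secret:
            findings.append(f"port {port}: credentialName {credential!r} is not secretName {secret!r}")
        for host in server["hosts"]:
            if not host_covered(host, dns_names):
                findings.append(f"port {port}: host {host!r} is not covered by dnsNames")
    return findings

# Constructed Certificate, shaped like the spec of a cert-manager Certificate.
CERTIFICATE = {"kind": "Certificate", "spec": {
    "secretName": "demo-gateway-tls",  # hypothetical secret name
    "dnsNames": ["demo.mydemo.com"]}}

def gateway(credential, hosts):
    """Build a constructed Gateway manifest with a single HTTPS server."""
    server = {"port": {"number": 443, "name": "https", "protocol": "HTTPS"},
              "tls": {"mode": "SIMPLE", "credentialName": credential},
              "hosts": hosts}
    return {"kind": "Gateway", "spec": {"servers": [server]}}

if __name__ == "__main__":
    for gw in (gateway("demo-gateway-tls", ["demo.mydemo.com"]),
               gateway("demo-gateway-tl", ["demo.mydemo.com", "api.mydemo.com"])):
        print(check(CERTIFICATE, gw) or "consistent")
```

A mistyped secret name or a host missing from dnsNames shows up here as a finding rather than as a failed certificate verification after deployment.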