先做一个清理
kubectl delete secret istio-ingressgateway-certs -n istio-system
准备 两套 证书
这里我用的两个域名是
- golang.press
- diynocap.com
kubectl create secret generic istio-ingressgateway-certs -n istio-system --from-file=diy-cert.pem --from-file=diy-key.pem --from-file=go-cert.pem --from-file=go-key.pem
修改 gateway
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: nginx-gateway
namespace: lizhe
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 443
name: https-diy
protocol: HTTPS
hosts:
- "diynocap.com"
tls:
mode: SIMPLE
serverCertificate: /etc/istio/ingressgateway-certs/diy-cert.pem
privateKey: /etc/istio/ingressgateway-certs/diy-key.pem
- port:
number: 443
name: https-go
protocol: HTTPS
hosts:
- "golang.press"
tls:
mode: SIMPLE
serverCertificate: /etc/istio/ingressgateway-certs/go-cert.pem
privateKey: /etc/istio/ingressgateway-certs/go-key.pem
