Istio - Https-gateway（1.7.4版本）

官方参考：
Istio - task/traffic-management/ingress/secure-ingress

基本步骤：

1、创建secret

在K8s集群的某台机器上放置证书文件，进到证书文件目录，后基于kubectl命令创建证书secret

kubectl create -n istio-system secret tls mycom-crt --key=cert.key --cert=cert.crt

注意：
secret命令空间一定要选istio-system，否则Istio ingress-gateway pod容器无法加载secret（搞错namespace必被坑，每次一坑???? ）

ingress-gateway无法加载证书secret日志：

ingress-gateway正确加载证书日志：

2、创建gateway

新版本的gateway可直接通过credentialName来关联证书对应的secret

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: mygateway
spec:
  selector:
    istio: ingressgateway # use istio default ingress gateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: mycom-crt # must be the same as secret
    hosts:
    - httpbin.example.com

新版1.7.4 gateway.tls配置

3、通过virtualservice关联gateway

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  hosts:
  - "httpbin.example.com"
  gateways:
  - mygateway
  http:
  - match:
    - uri:
        prefix: /status
    - uri:
        prefix: /delay
    route:
    - destination:
        port:
          number: 8000
        host: httpbin