Istio Gateway supports multiple custom ingress gateways. It opens a series of ports to host incoming connections at the edge of the grid and can use different load balancers to isolate different ingress traffic flows. Cert-manager can be used to obtain certificates by using any signature key pair stored in the Kubernetes Secret resource. This article provides instructions on the steps for manually creating a custom ingress gateway and how to use cert-manager to automatically configure certificates in the gateway.
Generate a Signature Key Pair
CA Issuer does not automatically create and manage signature key pairs. The key pairs are either provided by the user or a new signature key pair for a self-signed CA is generated by a tool, such as OpenSSL. For example, you can generate keys and certificates of type x509 by using the following command: