Currently Istio does not support a fully automated certificate procedure. The standard ingress does support this by means of cert-manager. Would it be possible to combine standard ingress configuration for certification management with istio for other stuff? What are the down-sides to this combination?
Asked
Active
Viewed 231 times
8
musicformellons
- 12,283
- 4
- 51
- 86
-
can't you use nginx ingress ? it cert manager manage automatic cetificate renewal and annotation and many more options are there – Harsh Manvar Feb 11 '19 at 12:54
-
@HarshManvar Well..., that's what my question is about. I probably could use nginx-ingress, but why are people using istio upset about no 'direct istio support for auto-certificates'... would using e.g. nginx-ingress somehow conflict with istio!? And if so, how exactly? – musicformellons Feb 11 '19 at 13:00
-
oh okay got it then i would also like to know have to wait for answer. – Harsh Manvar Feb 11 '19 at 13:01
1 Answers
1
This was discussed in a blog post on Medium last fall, actually. I held onto the link because I too am interested in using nginx-ingress as the front-end, but then taking advantage of istio "for other stuff". If it pans out for you, would love to hear.
TinaC
- 409
- 1
- 4
- 14
-
To me it seems this two-tier approach becomes complex pretty quickly and I read somewhere it does not support 'sticky sessions'. For now, I am betting on a one-tier approach of istio only and I think they are getting closer at [solving the certificate stuff](https://github.com/istio/istio/pull/11496). – musicformellons Feb 27 '19 at 09:37
-
[This article](https://kubedex.com/ingress/) nicely compares the various ingress tools. The link to the google sheet includes istio ingress as well. – musicformellons Feb 27 '19 at 09:54