问题描述

我已配置let加密istio入口.我可以使用网关和virtualservice访问在不同端口上运行的https上的其他服务.

I have configured istio ingress with lets encrypt certificate.I am able to access different service on https which are running on different port by using gateways and virtualservice.

但是kubernetes-dashboard在kube系统名称空间的443端口上运行，并具有自己的证书，我该如何通过istio网关和virtualservice公开它.

我已经为仪表板定义了子域，并创建了网关，虚拟服务，它正在将443流量引导至kuberentes仪表板服务，但它无法正常工作.

I have defined sub domain for dashboard and created gateways,virtualservice and it was directing 443 trafic to kuberentes dashboard service , but its not working.

对于https虚拟服务配置，我已经从istio那里获得了参考doc

推荐答案

听起来您想配置一个入口网关来执行SNI直通而不是TLS终止.您可以通过在网关配置中将tls模式设置为PASSTHROUGH来完成此操作，例如:

It sounds like you want to configure an ingress gateway to perform SNI passthrough instead of TLS termination. You can do this by setting the tls mode in your Gateway configuration to PASSTHROUGH something like this:

apiVersion: networking.istio.io/v1alpha3kind: Gatewaymetadata: name: dashboardspec: selector: istio: ingressgateway servers: - port: number: 443 name: https-dashboard protocol: HTTPS tls: mode: PASSTHROUGH hosts: - dashboard.example.com

apiVersion: networking.istio.io/v1alpha3kind: Gatewaymetadata: name: dashboardspec: selector: istio: ingressgateway servers: - port: number: 443 name: https-dashboard protocol: HTTPS tls: mode: PASSTHROUGH hosts: - dashboard.example.com

可以在此处 a>.