Deploying an HTTPS website with the Istio gateway

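First generate the website's certificate and private key, then Base64-encode the key and the certificate so they can be used in the configuration file: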

cat bmi.myapp.lan.key.pem | base64 -w 0
cat bmi.myapp.lan.crt.pem | base64 -w 0

Create the Secret:

apiVersion: v1
kind: Secret
metadata:
  name: istio-ingressgateway-certs
  namespace: istio-system
  labels:
    app: istio-gateway
    managed-by: gitops
type: kubernetes.io/tls
data:
  tls.crt: LS0...
  tls.key: LS0t...

Create the Gateway:

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: https-bmi-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: istio-ingressgateway-certs
    hosts:
    - "bmi.myapp.lan"
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: https-bmi-vs
  namespace: istio-system
spec:
  hosts:
  - "bmi.myapp.lan"
  gateways:
  - istio-system/https-bmi-gateway
  http:
  - route:
    - destination:
        host: bmi-nginx-sv.default.svc.cluster.local
        port:
          number: 80
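
An added check, not part of the original post: before pasting the two Base64 values into the Secret, confirm that each decodes to the expected PEM type and that the certificate and key belong together. The function names and the sample values are constructed for illustration; `cert_matches_key` assumes `openssl` is installed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Sample values are constructed.

# Classify one base64 value destined for the Secret's data: block.
pem_kind() {
  local decoded first
  # Line breaks in the value mean base64 was run without -w 0.
  case "$1" in *[[:space:]]*) echo wrapped; return ;; esac
  decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || { echo invalid; return; }
  first=$(printf '%s\n' "$decoded" | head -n 1)
  case "$first" in
    "-----BEGIN CERTIFICATE-----")           echo certificate ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo encrypted-key ;;
    "-----BEGIN "*"PRIVATE KEY-----")        echo private-key ;;
    LS0t*)                                   echo double-encoded ;;
    *)                                       echo invalid ;;
  esac
}

# Succeed only when tls.crt holds a certificate and tls.key an unencrypted key.
check_secret_data() {   # args: <tls.crt value> <tls.key value>
  local crt key
  crt=$(pem_kind "$1"); key=$(pem_kind "$2")
  echo "tls.crt -> $crt, tls.key -> $key"
  [ "$crt" = certificate ] && [ "$key" = private-key ]
}

# Succeed only when the certificate and the private key share a public key.
cert_matches_key() {    # args: <cert.pem> <key.pem>; needs openssl
  local a b
  a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed inputs: PEM framing around a dummy body, not real key material.
fake_pem() { printf '%s\n' "-----BEGIN $1-----" QUJD "-----END $1-----"; }
sample_crt=$(fake_pem CERTIFICATE | base64 -w 0)
sample_key=$(fake_pem "PRIVATE KEY" | base64 -w 0)
check_secret_data "$sample_crt" "$sample_key"
```

Against the page's files, run `check_secret_data "$(base64 -w 0 bmi.myapp.lan.crt.pem)" "$(base64 -w 0 bmi.myapp.lan.key.pem)"` and `cert_matches_key bmi.myapp.lan.crt.pem bmi.myapp.lan.key.pem`. The elided `LS0...` placeholders shown in the manifest classify as `invalid`, so a manifest applied with them left in place is caught as well.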