在 Istio 环境里如何配置双 https / tls 的路由规则

上面是一个常见的服务路由配置需求： 公网上使用 Let’s Encrypt ( cert manager ) 申请域名证书，使用 https 协议 K8S 内部的 CockroachDB UI ( 默认 8080 端口 ）使用的是 https 协议（会自动重定向到 https ） --- apiVersion: cert-manager.io/v1alpha2 kind: Certificate metadata: name: crdb.c3.nlzqtcp.develop.ooclab.com-cert spec: secretName: crdb.c3.nlzqtcp.develop.ooclab.com-cert issuerRef: name: letsencrypt kind: ClusterIssuer dnsNames: - crdb.c3.nlzqtcp.develop.ooclab.com --- apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: crdb spec: selector: istio: ingressgateway # use istio default ingress gateway servers: - port: number: 443 name: https protocol: HTTPS tls: mode: SIMPLE credentialName: crdb. Read more