Hi,
I don't know if this is the right place or where I could ask this question:
I've managed to create a load balancer with hcloud, Istio and the Gateway API. Istio creates the LoadBalancer and passes the annotations on to it, as it seems. The HTTP port works fine. But I have not figured out how to create an HTTPS service with a managed certificate.
I've added the annotations to create a managed certificate and the certificate is created, but I don't know how to apply it to a listener. I've tried to configure TLS termination, but I can't access the certificate, since it's not part of the secrets.
My question would be: How can I configure the HTTPS listener so that it sets up the Hetzner load balancer to terminate TLS? Or if that's not possible: How can I use the managed cert to terminate TLS in the Kubernetes gateway? How can I configure the service on 80 to redirect to 443?
It seems like the annotations apply to all services. Maybe it is that I don't get how to apply certain annotations to certain services.
The config looks like:
```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: gw-my-domain-com
  annotations:
    load-balancer.hetzner.cloud/name: k0s-load-balancer
    load-balancer.hetzner.cloud/location: fsn1
    load-balancer.hetzner.cloud/use-private-ip: "true"
    load-balancer.hetzner.cloud/certificate-type: "managed"
    load-balancer.hetzner.cloud/http-managed-certificate-domains: "*.my-domain.com"
    load-balancer.hetzner.cloud/http-managed-certificate-name: "all-my-domain-com"
    load-balancer.hetzner.cloud/protocol: "tcp"
spec:
  gatewayClassName: istio
  listeners:
    - name: http
      hostname: "*.my-domain.com"
      port: 80
      protocol: HTTP
      allowedRoutes:
        namespaces:
          from: All
    - name: https
      hostname: "*.my-domain.com"
      port: 443
      protocol: HTTPS
      tls:
        mode: Terminate
        certificateRefs:
          - name: "all-my-domain-com"
      allowedRoutes:
        namespaces:
          from: All
```