diff --git a/content/en/docs/tasks/observability/gateways/index.md b/content/en/docs/tasks/observability/gateways/index.md index 91db22c193..3e706cf2c8 100644 --- a/content/en/docs/tasks/observability/gateways/index.md +++ b/content/en/docs/tasks/observability/gateways/index.md @@ -31,6 +31,8 @@ This option covers securing the transport layer *only*. You should also configur addons to require authentication when exposing them externally. {{< /warning >}} +1. [Install cert-manager](https://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html) to manage certificates automatically. + 1. [Install Istio](/docs/setup) in your cluster and enable the `cert-manager` flag and configure `istio-ingressgateway` to use the [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#sds-configuration). @@ -39,8 +41,6 @@ the [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/confi * `--set gateways.enabled=true` * `--set gateways.istio-ingressgateway.enabled=true` * `--set gateways.istio-ingressgateway.sds.enabled=true` - * `--set certmanager.enabled=true` - * `--set certmanager.email=mailbox@donotuseexample.com` To additionally install the telemetry addons, use the following Helm installation options: diff --git a/content/en/docs/tasks/traffic-management/ingress/ingress-certmgr/index.md b/content/en/docs/tasks/traffic-management/ingress/ingress-certmgr/index.md index ea5d05353b..a4d6ec2b87 100644 --- a/content/en/docs/tasks/traffic-management/ingress/ingress-certmgr/index.md +++ b/content/en/docs/tasks/traffic-management/ingress/ingress-certmgr/index.md @@ -13,23 +13,23 @@ You will start with a clean Istio installation, create an example service, expos ## Before you begin -[Install Istio](/docs/setup/) making sure to enable ingress [gateway](/docs/reference/config/networking/v1alpha3/gateway) with Kubernetes Ingress support, [SDS](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret) and [cert-manager](https://docs.cert-manager.io/) optional dependency during installation. Here's an example of how to do this for the [helm template](/docs/setup/install/helm/#option-1-install-with-helm-via-helm-template) installation path: +1. [Install Istio](/docs/setup/) making sure to enable ingress [gateway](/docs/reference/config/networking/v1alpha3/gateway) with Kubernetes Ingress support, [SDS](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret). Here's an example of how to do this for the [helm template](/docs/setup/install/helm/#option-1-install-with-helm-via-helm-template) installation path: -{{< text bash >}} -$ helm template $HOME/istio-fetch/istio \ - --namespace=istio-system \ - --set gateways.istio-ingressgateway.sds.enabled=true \ - --set global.k8sIngress.enabled=true \ - --set global.k8sIngress.enableHttps=true \ - --set global.k8sIngress.gatewayName=ingressgateway \ - --set certmanager.enabled=true \ - --set certmanager.email=mailbox@donotuseexample.com \ - > $HOME/istio-fetch/istio.yaml -{{< /text >}} + {{< text bash >}} + $ helm template $HOME/istio-fetch/istio \ + --namespace=istio-system \ + --set gateways.istio-ingressgateway.sds.enabled=true \ + --set global.k8sIngress.enabled=true \ + --set global.k8sIngress.enableHttps=true \ + --set global.k8sIngress.gatewayName=ingressgateway \ + > $HOME/istio-fetch/istio.yaml + {{< /text >}} -{{< tip >}} -By default `istio-ingressgateway` will be exposed as a `LoadBalancer` service type. You may want to change that by setting the `gateways.istio-ingressgateway.type` installation option to `NodePort` if this is more applicable to your Kubernetes environment. -{{< /tip >}} + {{< tip >}} + By default `istio-ingressgateway` will be exposed as a `LoadBalancer` service type. You may want to change that by setting the `gateways.istio-ingressgateway.type` installation option to `NodePort` if this is more applicable to your Kubernetes environment. + {{< /tip >}} + +1. [Install cert-manager](https://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html) to manage certificates automatically. ## Configuring DNS name and gateway