Azure / AKS

Azure Kubernetes Service
https://azure.github.io/AKS/

[Feedback] HTTPS in istio ingress gateway will not work unless gateway and certificate secret both are created in aks-istio-ingress namespace. #4073

Closed pratiksharma-dev closed 5 months ago

pratiksharma-dev commented 7 months ago

Describe your scenario

We faced this issue when enabling secure gateways for a customer: Istio / Secure Gateways. The challenge is that OSS Istio only has the istio-system namespace, and all the docs for secure gateways use istio-system. If the general guidance for OSS Istio is followed, HTTPS will not work with the AKS add-on, since we have 3 namespaces for Istio, viz. aks-istio-system, aks-istio-ingress and aks-istio-egress. The limitation is that it will only work when the Istio ingress gateway and the certificate secret are both created in the aks-istio-ingress namespace. This is not mentioned anywhere in the documentation, and it was only through trial and error that we were able to make it work. The article in our Learn pages here: Azure Kubernetes Service (AKS) external or internal ingresses for Istio service mesh add-on (preview) - Azure Kubernetes Service | Microsoft Learn, only mentions the HTTP scenario and doesn't mention the HTTPS scenario. We should have proper documentation for this. If needed, I have documented step-by-step instructions to set up the Istio add-on with HTTP(S) here: pratiksharma-dev/aks-istio-addon-setup (github.com)

Feedback

This scenario should be well documented so that customers can get proper guidance while enabling secure gateways in the Istio add-on.
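The namespace constraint reported above can be checked before manifests are applied. The following Python check is an added example, not code from the issue author or the AKS project; it assumes manifests already parsed into dicts, and the names `demo-gw`, `demo-tls` and `demo.example.com` are constructed.

```python
# Added example: pre-deploy check for the namespace constraint reported in the issue.
# Manifests are plain dicts (e.g. loaded from YAML or `kubectl get -o json`).
INGRESS_NS = "aks-istio-ingress"  # add-on ingress namespace named in the issue

def check_tls_gateways(manifests, ingress_ns=INGRESS_NS):
    """Return findings for Istio Gateways whose TLS setup breaks the constraint."""
    tls_secrets = {
        (m["metadata"].get("namespace", "default"), m["metadata"]["name"])
        for m in manifests
        if m.get("kind") == "Secret" and m.get("type") == "kubernetes.io/tls"
    }
    findings = []
    for m in manifests:
        is_istio = m.get("apiVersion", "").startswith("networking.istio.io/")
        if m.get("kind") != "Gateway" or not is_istio:
            continue
        ns = m["metadata"].get("namespace", "default")
        ref = f"{ns}/{m['metadata']['name']}"
        for server in m.get("spec", {}).get("servers", []):
            cred = (server.get("tls") or {}).get("credentialName")
            if not cred:
                continue  # plain HTTP server, no secret to resolve
            if ns != ingress_ns:
                findings.append(f"Gateway {ref}: not in {ingress_ns}")
            if (ingress_ns, cred) not in tls_secrets:
                findings.append(f"Gateway {ref}: secret {cred} missing from {ingress_ns}")
    return findings

def sample_secret(ns):  # constructed TLS secret, key material omitted
    return {"kind": "Secret", "type": "kubernetes.io/tls",
            "metadata": {"name": "demo-tls", "namespace": ns}}

def sample_gateway(ns):  # constructed HTTPS Gateway, selector omitted for brevity
    return {"apiVersion": "networking.istio.io/v1beta1", "kind": "Gateway",
            "metadata": {"name": "demo-gw", "namespace": ns},
            "spec": {"servers": [{
                "port": {"number": 443, "name": "https", "protocol": "HTTPS"},
                "tls": {"mode": "SIMPLE", "credentialName": "demo-tls"},
                "hosts": ["demo.example.com"]}]}}

# Layout following OSS guidance (istio-system) versus the layout the issue reports working.
OSS_STYLE = [sample_secret("istio-system"), sample_gateway("istio-system")]
ADDON_STYLE = [sample_secret(INGRESS_NS), sample_gateway(INGRESS_NS)]

if __name__ == "__main__":
    for label, docs in (("OSS-style", OSS_STYLE), ("add-on", ADDON_STYLE)):
        print(label, check_tls_gateways(docs) or "OK")
```
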

microsoft-github-policy-service[bot] commented 5 months ago

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

microsoft-github-policy-service[bot] commented 5 months ago

This issue will now be closed because it hasn't had any activity for 7 days after stale. pratiksharma-dev feel free to comment again in the next 7 days to reopen, or open a new issue after that time if you still have a question/issue or suggestion.