I have a scenario where I need to update the Ingress gateway TLS cert (/etc/istio/ingressgateway-certs/tls.crt) and key every 24 hours. I am able to fetch the raw bytes and create the secret using the C# Kubernetes client, but unless the Ingress Gateway restarts, it does not pick up the updated certs. Is there a way to do that through code without restarting the ingress-gateway deployment?

Any other suggestions are also highly appreciated.

    kubectl create -n istio-system secret tls istio-ingressgateway-certs --key tls.key --cert tls.crt

and gateway (partial) looks like:

    selector:
      istio: ingressgateway
    servers:
    - port:
        name: https
        number: 443
        protocol: https
      tls:
        mode: SIMPLE
        serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
        privateKey: /etc/istio/ingressgateway-certs/tls.key
        minProtocolVersion: TLSV1_2
        maxProtocolVersion: TLSV1_3
      hosts:
      - "*"

– Jim
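
A post-rotation check for the symptom described in the question, as an added example that is not part of the original post: it compares the SHA-256 fingerprint of the leaf certificate in the Secret's `tls.crt` with the certificate the gateway actually presents on port 443. All function names are hypothetical, and the sample "certificates" are constructed placeholder bytes wrapped as PEM, not real X.509 data.

```python
import base64
import hashlib
import ssl

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def leaf_der_from_secret(secret_data):
    """DER bytes of the first (leaf) certificate in a TLS Secret's data map.

    Values in `data` are base64-encoded, as the Kubernetes API returns them;
    tls.crt may hold a chain, so only the first PEM block is used.
    """
    pem_chain = base64.b64decode(secret_data["tls.crt"]).decode("ascii")
    begin = pem_chain.find(PEM_BEGIN)
    end = pem_chain.find(PEM_END, begin)
    if begin < 0 or end < 0:
        raise ValueError("tls.crt holds no PEM certificate")
    return ssl.PEM_cert_to_DER_cert(pem_chain[begin:end + len(PEM_END)])


def fetch_served_der(host, port=443):
    """Leaf certificate the gateway currently presents (network call, unverified)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))


def gateway_is_stale(secret_data, served_der):
    """True when the gateway still serves a certificate other than the Secret's."""
    wanted = hashlib.sha256(leaf_der_from_secret(secret_data)).hexdigest()
    return wanted != hashlib.sha256(served_der).hexdigest()


def constructed_secret(*ders):
    """Build a sample Secret data map from placeholder bytes (constructed input)."""
    chain = "".join(ssl.DER_cert_to_PEM_cert(d) for d in ders)
    return {"tls.crt": base64.b64encode(chain.encode("ascii")).decode("ascii")}


# Constructed placeholders standing in for the previous and the rotated cert.
OLD_DER = b"constructed-placeholder-cert-old"
NEW_DER = b"constructed-placeholder-cert-new"

if __name__ == "__main__":
    rotated = constructed_secret(NEW_DER, b"constructed-placeholder-intermediate")
    # In a real run, served_der would come from fetch_served_der(<gateway host>).
    print("stale before reload:", gateway_is_stale(rotated, OLD_DER))
    print("stale after reload: ", gateway_is_stale(rotated, NEW_DER))
```

Run after each 24-hour rotation, a `True` result indicates the gateway is still presenting the previous certificate and the rotation has not taken effect.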