Add TLS Based Istio Ingress documentation

SeldonIO · Aug 10, 2020 · f9e2fa9 · f9e2fa9
1 parent c94b7b6
commit f9e2fa9
Showing 1 changed file with 37 additions and 0 deletions.
diff --git a/doc/source/ingress/istio.md b/doc/source/ingress/istio.md
@@ -30,6 +30,43 @@ spec:
     - "*"
 ```
 
+If you want to want to create SSL based gateway, create your signed certificate or actual signed certificate (for example named fullchain.pem), key (privkey.pem) and then run follwing commands to get SSL gateway. To create self-signed certificate
+
+
+```bash
+openssl req -nodes -x509 -newkey rsa:4096 -keyout privkey.pem -out fullchain.pem -days 365 -subj "/C=GB/ST=GreaterLondon/L=London/O=SeldonSerra/OU=MLOps/CN=localhost"
+```
+
+Import certificate and key as a secret into istio-system namespace
+
+```bash
+kubectl create -n istio-system secret tls seldon-ssl-cert --key=privkey.pem --cert=fullchain.pem
+```
+
+and create SSL Istio Gateway using following YAML file
+
+```
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: seldon-gateway
+  namespace: istio-system
+spec:
+  selector:
+    istio: ingressgateway # use istio default controller
+  servers:
+  - hosts:
+    - '*'
+    port:
+      name: https
+      number: 443
+      protocol: HTTPS
+    tls:
+      credentialName: seldon-ssl-cert
+      mode: SIMPLE
+```
+
+
 If you have your own gateway you will use then you can provide the name when installing the seldon operator. For example if your gateway is called `mygateway` you can install the operator with:
 
 ```bash