The gateway and admission controllers will only mutate TLS and manage certificates for v1beta1.Gateway resources that are labeled with the following:
labels:
"v1beta1.kanopy-platform.github.io/istio-cert-controller-inject-simple-credential-name": "true"When this label is set the controller will take over the TLS.CredentialName and install a certificate according to the default issuer set during Installation
A custom ClusterIssuers installed in your kubernetes cluster may be used per gateway with the annotation:
annotations:
v1beta1.kanopy-platform.github.io/istio-cert-controller-issuer: my-cluster-issuerCertificates created by this controller will contain the following Managed label. Following standard controller convention, certificates with this label SHOULD NOT be manually edited.
The value of this label will consist of two parts:
- The resource name of the gateway
- The namespace where the gateway belongs
labels:
v1beta1.kanopy-platform.github.io/istio-cert-controller-managed: name-of-gateway.namespace