--- apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: istiod-gateway namespace: istio-system spec: selector: istio: eastwestgateway servers: - port: name: tls-istiod number: 15012 protocol: tls tls: mode: PASSTHROUGH hosts: - "*" - port: name: tls-istiodwebhook number: 15017 protocol: tls tls: mode: PASSTHROUGH hosts: - "*" --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: istiod-vs # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.istiod-vs-name"} namespace: istio-system spec: hosts: - "*" gateways: - istiod-gateway tls: - match: - port: 15012 sniHosts: - istiod.istio-system.svc # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.istiodHost"} route: - destination: host: istiod.istio-system.svc.cluster.local # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.istiodHostFQDN"} port: number: 15012 - match: - port: 15017 sniHosts: - istiod.istio-system.svc # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.istiodHost"} route: - destination: host: istiod.istio-system.svc.cluster.local # {"$ref":"#/definitions/io.k8s.cli.setters.anthos.servicemesh.istiodHostFQDN"} port: number: 443