--- apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: istiod-gateway namespace: istio-system spec: selector: istio: eastwestgateway servers: - port: name: tls-istiod number: 15012 protocol: tls tls: mode: PASSTHROUGH hosts: - "*" - port: name: tls-istiodwebhook number: 15017 protocol: tls tls: mode: PASSTHROUGH hosts: - "*" --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: istiod-vs namespace: istio-system spec: hosts: - "*" gateways: - istiod-gateway tls: - match: - port: 15012 sniHosts: - istiod.istio-system.svc route: - destination: host: istiod.istio-system.svc.cluster.local port: number: 15012 - match: - port: 15017 sniHosts: - istiod.istio-system.svc route: - destination: host: istiod.istio-system.svc.cluster.local port: number: 443