[07:08:18] <elukey>	 good morning!
[07:27:44] * elukey bbiab
[09:57:08] <elukey>	 early lunch break today, need to run errand, be back later!
[13:54:58] <elukey>	 configuring istio ingress for tls is a little weird
[13:55:09] <elukey>	 I hoped it was more straightforward
[14:00:20] <elukey>	 my impression is that the istio gateway acts only a TCP load balancer, leaving to the target pods (in our case, kfserving/knative) the responsibility to terminate TLS
[14:00:48] <elukey>	 meanwhile I'd like to terminate https at the gateway, and proxy to the rest
[14:01:44] <elukey>	 from https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ it seems possible
[14:02:38] <elukey>	 but I can't find a way to "translate" that into what we use with istioctl, namely the install.istio.io/v1alpha1 API (IstioOperator)
[14:02:43] <elukey>	 weird
[14:02:48] <elukey>	 coffee :)
[14:37:10] <elukey>	 so this is interesting: https://istio.io/latest/docs/reference/config/networking/gateway/#Server
[14:38:03] <elukey>	 a gateway can act as L4 or L7 (so tcp vs https or http) but it seems that the IstioOperator configs don't mention this use case
[14:38:58] <elukey>	 that is https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/
[18:22:17] * elukey afk!