Mention Istio Gateway reload cert issue

stefanprodan · Sep 17, 2018 · efb6a76 · efb6a76
1 parent fb199b7
commit efb6a76
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/docs/8-istio-openfaas.md b/docs/8-istio-openfaas.md
@@ -352,6 +352,16 @@ kubectl -n istio-system logs deployment/certmanager -f
 Certificate issued successfully
 ```
 
+Recreate Istio ingress gateway pods:
+
+```bash
+kubectl -n istio-system delete pods -l istio=ingressgateway
+```
+
+Note that Istio gateway doesn't reload the certificates from the TLS secret on cert-manager renewal. 
+Since the GKE cluster is made out of preemptible VMs the gateway pods will be replaced once every 24h, if your not using 
+preemptible nodes then you need to manually kill the gateway pods every two months before the certificate expires.
+
 ### Configure OpenFaaS Gateway to receive external traffic
 
 Create the OpenFaaS namespaces with Istio sidecar injection enabled: