Configure Istio ingress gateway TLS with istio operator

Question

How to configure an ingress gateway TLS which is managed by istio operator (using kind:IstioOperator) . I do not see the normal gateway specs included.

Example from documentation:

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  profile: default
  hub: gcr.io/istio-testing
  tag: latest
  revision: 1-8-0
  meshConfig:
    accessLogFile: /dev/stdout
    enableTracing: true
  components:
    egressGateways:
    - name: istio-egressgateway
      enabled: true

https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#GatewaySpec

Answer 1

To get to tls settings for a gateway deployment, you need to create your own Gateway object (not ingress-gateway, just Gateway), you probably want this: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/#configure-a-tls-ingress-gateway-for-a-single-host

To manipulate the ingress-gateways from operator, you can use the k8s field under ingress-gateways

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  profile: default
  hub: gcr.io/istio-testing
  tag: latest
  revision: 1-8-0
  meshConfig:
    accessLogFile: /dev/stdout
    enableTracing: true
  components:
    egressGateways:
    - name: istio-egressgateway
      enabled: true
    ingressGateways:
    - name: istio-ingressgateway
      enabled: true
      namespace: istio-system
      k8s:
        <field: value>

https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#GatewaySpec

https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec