In real-world scenarios, operators use DNS to map ingress gateway IP addresses to the names that we are using.

In our case, we will define these in the /etc/hosts file. Let's get started:

1. Find out the external IP address and the port of the Istio ingress gateway:

$ export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress..ip}') ; echo $INGRESS_HOST
192.168.142.249

$ export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}') ; echo $INGRESS_PORT
443

The ingress IP address could be different in your VM.

2. Please take note of your ingress host and IP address and run the following two commands. These will create and update the /etc/hosts file:

$ if ! grep -q bookinfo.istio.io /etc/hosts ; then echo "$INGRESS_HOST bookinfo.istio.io" | sudo tee -a /etc/hosts; fi

$ if ! grep -q httpbin.istio.io /etc/hosts ; then echo "$INGRESS_HOST httpbin.istio.io" | sudo tee -a /etc/hosts; fi

$ cat /etc/hosts
192.168.142.249 bookinfo.istio.io
192.168.142.249 httpbin.istio.io

3. Ping both hosts to make sure that the IP address has been resolved:

$ ping -c4 bookinfo.istio.io
$ ping -c4 httpbin.istio.io

Istio initially used Kubernetes secrets to mount certificates and keys inside the pod, and that posed an issue regarding security if an attacker gains access to the pod. Istio now implements the Secret Discovery Service (SDS) process to keep the certificates and keys in memory instead of mounting them inside the pod. Next, we will go through the process of configuring the Ingress gateway using SDS.