I have installed istio in EKS, I was able to setup HTTPS ingress gateway and able to access HTTP application, but I have an application which will accept only https traffic, I am not able to set that up, I saw the below link, but it recommends to update the secrets and config details in the container yaml file but my application is a helm chart provided by vendor and they dont recommend to add the details like below inside the container. Is there any way, I can setup https ingress gateway to access https service
Yes of course you can set it up. You need to have certificates and install them at specific place in file system. The secret must be named a certain way too.
Thanks Steve, I have a self signed certificate, created a kubernetes secret for the certificate, I have enabled SDS true option and hence I am using the configuration file like below.
istio: admin-ingressgateway # use istio default controller
When creating my admin-ingress gateway, I have mentioned the below secret volumes.
- name: ingressgateway-certs
- name: ingressgateway-ca-certs
The above are the steps i have followed. I was able to hit the sidecar for the application and then got this error.
upstream connect error or disconnect/reset before headers. reset reason: connection failure.
But if I disable mTLS, its working fine.
Could you please confirm if I missed any step.
For an https application, even if I didn’t enable mutual TLS, I was able to hit the application through ingress only if I add destination rule like below
With the above destination rule, I was able to access the service through istio ingress gateway, but as soon as I enable mutual tls it starts failing.