AKS Ngnix Ingress Controller with Istio service mesh

Hi All,

We already have configured AKS with Ngnix Ingress Controller and now we are exploring service mesh implementation in AKS. For now, we are exploring Istio and Consul. Please help/guide me in below options for ingress -

  1. Ngnix Controller with Istio service mesh
  2. Istio gateway with Istio service mesh

Which of the above option is recommended? If we want to continue with Ngnix, how to configure it to talk to service mesh? Can it have mTLS with Pods proxy (envoy)? With Ngnix, will we be able to use all service mesh features?

I am kind of new to service mesh and Istio and will appreciate your quick help/guidance… I would to have a call if possible to discuss it. Many thanks…

I am also working with AKS, Nginx ingress controller and Istio service mesh. I must say all the features work perfectly without any issue.

  1. I did try various options like Nginx Ingress object -> Istio Ingress Gateway -> microservices pods(service mesh). Till Istio Ingress Gateway traffic is based on TLS(public certificates), from Istio Ingress gateway to pods of microservices based on MTLS(can be istio private certificates).
  2. Also, I did try passthrough TLS option till pod, and it worked perfectly well too.

For both the above option, you have to enable passthrough on the ingress object, and all the required annotations are present on Nginx ingress controller documentation. Just to add, start. your Nginx ingress controller with --enable-ssl-passthrough option.

Just to add things are weird when you use Azure app gateway with Azure app gateway ingress controller(agic).

Thanks @Abhishek_Sharma1…as I have just started learning it, a call with you will be of big help…Can we talk?

Sure, also I have some examples lying on my Github for all this, I will package together in the repo and you can have a look.

Thanks @Abhishek_Sharma1… Can you please share your contact details? My email ID is mohd.aslam1@gmail.com