Hi, very short version of my earlier question. I have:
Client → Egressgateway → internet target
How can I tell that Client → Egressgateway is MTLS or not?
Tools like Kiali want to look at Policy and say that flows are MTLS or not, but how can I tell from logs or other means?
Previous question: Egressgateway via MTLS to TLS origination
Thanks
Anyone trying to figure this out:
- turn on logging (I suggest JSON format)
- per "4 steps to debug your edge microservices in an Istio service mesh" (IBM Developer):
istioctl proxy-config log istio-egressgateway-b5c9c5-xxxxx.istio-system --level debug
(turn it on and off for your test, it makes lots of logs)
- search for x-forwarded-client-cert and look at the SPIFFE IDs
Good luck.
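Added example, not part of the original post: a small Python parser for the last step above, which pulls `x-forwarded-client-cert` values out of gateway debug output and lists the SPIFFE IDs on each side of the connection. The log lines are constructed, the `'name', 'value'` header layout is an assumption about the debug output, and the namespaces and service accounts are made up.

```python
import re

# Constructed sample (not real output). Assumption: debug logging dumps
# each header as 'name', 'value' on its own line.
SAMPLE_LOG = """\
[debug][router] [C42][S1] router decoding headers:
':authority', 'edition.example.com'
'x-forwarded-client-cert', 'By=spiffe://cluster.local/ns/istio-system/sa/istio-egressgateway-service-account;Hash=0123abcd;Subject="";URI=spiffe://cluster.local/ns/default/sa/sleep'
[debug][router] [C43][S2] router decoding headers:
':authority', 'edition.example.com'
'user-agent', 'curl/7.80.0'
"""

XFCC_LINE = re.compile(r"'x-forwarded-client-cert',\s*'(.*)'\s*$", re.I)

def split_unquoted(text, sep):
    """Split on sep, but not inside double-quoted values (Subject="CN=a,O=b")."""
    parts, buf, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
        prev = ch
    return parts + [buf]

def parse_xfcc(value):
    """One dict per certificate element; keys lowercased, values kept as lists."""
    elements = []
    for element in split_unquoted(value, ","):
        fields = {}
        for pair in split_unquoted(element, ";"):
            key, _, val = pair.partition("=")
            if key.strip():
                fields.setdefault(key.strip().lower(), []).append(val.strip().strip('"'))
        elements.append(fields)
    return elements

def mtls_peers(log_text):
    """Client (URI) and receiving proxy (By) identities per logged XFCC element."""
    peers = []
    for line in log_text.splitlines():
        m = XFCC_LINE.search(line)
        for el in parse_xfcc(m.group(1)) if m else []:
            peers.append({"client": el.get("uri", []), "gateway": el.get("by", [])})
    return peers
```

In the header, `URI` is the SAN of the certificate the client presented and `By` is the SAN of the proxy that accepted it. A request with no header logged, like the second one in the sample, is the one to look into.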