I would like to configure TLS termination on the sidecar, similar to what nginx does. What’s the best way to achieve this? The SSL needs to be terminated on a specific port and the upstream connection should ignore SSL.
I tried with an EnvoyFilter but it’s not working. Am I missing something? Istio version is 1.6.8.
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: transporter-tls-listener
  namespace: xxxxxx
spec:
  workloadSelector:
    labels:
      app: yyyyy
  configPatches:
  - applyTo: HTTP_FILTER
    match:
      context: SIDECAR_INBOUND
      listener:
        portNumber: 44350
    patch:
      operation: INSERT_BEFORE
      value:
        typed_config:
          "@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager"
          transport_socket:
            name: envoy.transport_sockets.tls
            typed_config:
              "@type": type.googleapis.com/envoy.api.v2.auth.DownstreamTlsContext
              common_tls_context:
                tls_certificates:
                  certificate_chain: {filename: "/etc/nginx/ssl/tls.crt"}
                  private_key: {filename: "/etc/nginx/ssl/tls.key"}
```
admission webhook "validation.istio.io" denied the request: configuration is invalid: Envoy filter: can't unmarshal Any nested proto *envoy_config_filter_network_http_connection_manager_v2.HttpConnectionManager: unknown field "transport_socket" in envoy_config_filter_network_http_connection_manager_v2.HttpConnectionManager