Egress telemetry for HTTPS traffic

I’m new to Istio, and have configured a couple of our Mule APIs to run in a small deployment (Istio 1.7.3, Kubernetes 1.17.9-eks).

How do I set up Istio and Kiali to have observability of egress traffic? Is it possible?

When I configure external services that are accessed via HTTPS with direct access service entries, I can see that traffic is attempting to hit those services, but the connection shows as TCP, so if there is a failure in an upstream service, it won’t show up as a failure on that link.

When I configure an egress gateway with PASSTHROUGH TLS, I still have just a TCP connection, with the added bonus that everything is abstracted through the egress gateway, so a failure is even less obvious.

When I configure an egress gateway with TLS origination, I can see the HTTP traffic connecting to the egress gateway, but then I need to rewrite all my apps to force HTTP connections… some things, like AWS API calls (and others), don’t allow changing over to HTTP.

This page seems to imply that metrics gathering is possible for HTTPS: https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/

Thanks all!
Jesse


Hello!
Were you able to solve this? I am looking to get the request duration for my HTTPS external calls. I have set up an egress gateway and successfully routed my calls through it, but I still get no telemetry for the gateway.

I’m also working on it. Not yet successful.