Egress tls originated from istio-proxy to external service for a tcp protocol

lucdew · October 19, 2023, 11:49am

Hi,
is it possible to initiate tls from the istio-proxy to an external service for tcp ?

I’d like the main container to initiate a tcp connection on port 2501 to an external service and have the istio-proxy intercept it and start a TLS connection to the external service on port 2500.

I managed to have the istio-proxy route the tcp connection to a different port but I failed to have it initiate a TLS connection (simple or mutual).

I was wondering if it is something that should work or it should be done by a tcp/tls proxy.
The tcp protocol is not http/grpc it is a custom protocol.

Regards.

lucdew · October 19, 2023, 9:05pm

Sorry, for the noise but in the end I managed to make egress tcp to istio-proxy and then mtls from istio-proxy to an external service following egress-tls-origination
I just changed the service entry with tcp for the clear port and added addresses (needed from tcp service entry).

Topic		Replies	Views
Egress TLS with TCP Networking	9	3943	June 7, 2023
Does Egress TLS Origination works for TCP app instead of HTTP	0	162	June 7, 2023
TLS origination from sidecar proxy instead of the Egress Gateway Security security	0	952	November 17, 2020
How to originate TLS when forwarding to external ServiceEntry Networking	14	397	July 17, 2023
Cannot intercept TLS traffic with istio egress gateway Security security	1	1070	June 14, 2021

Egress tls originated from istio-proxy to external service for a tcp protocol

Related Topics