We’ve got an Azure Application Gateway working with Istio. Traffic flows through the gateway to the Istio ingress controller, working just fine. However, we need the application gateway to not terminate TLS; we need the application gateway to re-encrypt the traffic as it goes to the ingress controller. Has anyone set something up like this before who may be able to assist?
I don’t use the Azure cloud, so I don’t know much about it. But the gateway is a component of Istio, so I think it is not dependent on the infrastructure you use. In my case, I create a set of certificates with the openssl command and create a secret from them. In the gateway configuration, you add a tls spec for it, with the credential name set to the name of the secret you created.
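```yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: internal-gateway-tls
  namespace: istio-system
spec:
  # Bind this Gateway to the Istio ingress gateway pods
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  servers:
  - hosts:
    - '*'
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      # Placeholder: the name of the secret you created from the certificates
      credentialName: your-secret-name
      # SIMPLE = the ingress gateway terminates standard (one-way) TLS
      mode: SIMPLE
```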
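The steps described in the reply above (certificate with openssl, then a secret, then `credentialName`), as an added example that is not part of the original post. The host name and secret name are assumptions; the secret is placed in `istio-system` because that is the namespace used in the Gateway above.

```shell
#!/bin/sh
# Added example: self-signed cert -> kubernetes.io/tls Secret for credentialName.
set -eu

# Assumed values (not from the thread); override via the environment.
HOST="${HOST:-ingress.example.internal}"
SECRET_NAME="${SECRET_NAME:-ingress-tls-cert}"  # must equal credentialName
NAMESPACE="istio-system"  # namespace of the ingress gateway pods

# Create a private key and a self-signed certificate with a SAN for the host.
make_cert() {  # usage: make_cert <host> <dir>
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
    -keyout "$2/tls.key" -out "$2/tls.crt" 2>/dev/null
  chmod 600 "$2/tls.key"
}

# Succeed only if the certificate's public key belongs to the private key.
cert_matches_key() {  # usage: cert_matches_key <crt> <key>
  crt_pub="$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" || return 1
  key_pub="$(openssl pkey -in "$2" -pubout 2>/dev/null)" || return 1
  [ "$crt_pub" = "$key_pub" ]
}

# Print a TLS Secret manifest; refuse a certificate/key pair that does not match.
render_secret() {  # usage: render_secret <name> <namespace> <crt> <key>
  cert_matches_key "$3" "$4" || { echo "certificate/key mismatch" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/tls
data:
  tls.crt: $(openssl base64 -A -in "$3")
  tls.key: $(openssl base64 -A -in "$4")
EOF
}

workdir="$(mktemp -d)"
trap 'rm -rf "$workdir"' EXIT  # do not leave the private key on disk
make_cert "$HOST" "$workdir"
# stdout is only the manifest, so the script can be piped to: kubectl apply -f -
render_secret "$SECRET_NAME" "$NAMESPACE" "$workdir/tls.crt" "$workdir/tls.key"
```

Set `SECRET_NAME` to the same value used for `credentialName` in the Gateway before applying the manifest.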