We’ve got an Azure application gateway working with Istio. Traffic flows through the gateway to the Istio ingress controller, working just fine. However, we need the application gateway to not terminate TLS; we need the application gateway to re-encrypt the traffic as it goes to the ingress controller. Has anyone set something up like this before who may be able to assist?
I don’t use the Azure cloud, so I don’t know more about it. But the gateway is a component of Istio, so I think it is not dependent on the infra which you use. In my case, I create a set of certificates with the openssl command and create a secret from them. In the gateway configuration, you add a tls spec for it, with the credentials value being the name of the secret you created.
```yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: internal-gateway-tls
  namespace: istio-system
spec:
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  servers:
  - hosts:
    - '*'
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      credentialName: secret's name  # placeholder: the name of the secret you created
      mode: SIMPLE
```
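The steps described in the reply above (openssl certificate, then a secret, then `credentialName`), as an added example that is not part of the original posts. The secret name `gateway-tls-cert` and host `backend.example.internal` are assumed placeholders, and the checks before the secret is created are an addition to what the reply describes.

```shell
#!/bin/sh
# Added example. SECRET_NAME and BACKEND_HOST are assumed placeholders.
SECRET_NAME="gateway-tls-cert"           # must equal credentialName in the Gateway
NAMESPACE="istio-system"                 # namespace used by the Gateway in the post
BACKEND_HOST="backend.example.internal"  # assumed host name used to reach the ingress

# Create a self-signed key and certificate in directory $1 for host $2.
# The host goes into subjectAltName, which is what TLS clients match against.
make_cert() {
    dir=$1
    host=$2
    openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
        -keyout "$dir/tls.key" -out "$dir/tls.crt" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" 2>/dev/null
}

# Succeed only if the private key in $1 belongs to the certificate in $1.
# A mismatched pair is a common reason the ingress serves no certificate.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/tls.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$1/tls.key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the certificate in $1 is valid for host name $2.
cert_covers_host() {
    openssl x509 -in "$1/tls.crt" -noout -checkhost "$2" | grep -q "does match"
}

# Store the pair as a TLS secret in the ingress gateway's namespace.
# Requires kubectl with access to the cluster.
create_secret() {
    kubectl create secret tls "$SECRET_NAME" -n "$NAMESPACE" \
        --key "$1/tls.key" --cert "$1/tls.crt"
}

# Usage (run manually against a cluster):
#   d=$(mktemp -d) && make_cert "$d" "$BACKEND_HOST" \
#     && key_matches_cert "$d" && cert_covers_host "$d" "$BACKEND_HOST" \
#     && create_secret "$d"
```

After the secret exists, set `credentialName: gateway-tls-cert` in the Gateway shown above.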