I have Istio 1.4.0 running on Kubernetes 1.15.9. I’m trying to achieve the below, but the more I read the Istio documentation, the more confused I’m getting. Let me put it in a simple way.
First thing is, I want to have mTLS for maximum services (if possible).
elasticsearch-master pod with service exposed on 9300. I’ve one elasticsearch-data pod with service exposed on 9300. When I’ve Istio’s default Automatic mTLS enabled, both of these pods work nicely and a healthy ES cluster starts up. I think that’s because ES master and data nodes communicate over port 9300. Also, I don’t want to access any of these ES pods from outside of the K8S cluster.
Now, I want to start one Kibana pod with service exposed on 5601. When I start the Kibana pod with Istio’s default Automatic mTLS enabled, it fails to start, because it can’t connect to the elasticsearch-data service on 9200. I’m getting all kinds of SSL errors (maybe because of the whole mTLS thing?). I don’t know if it’s even possible to have this connection with Istio’s Automatic mTLS enabled. Also, I want to access this Kibana from outside of the K8S cluster.
Appreciate your help.