Istio Proxy over TLS

Hi at All!

I have a cluster with a Hyperledger Fabric Blockchain that work with TLS enabled, and other microservices and database.

For my cluster I am considering using Istio. But my question is the following:

  • Can Istio Proxy work on containers that already communicate with TLS?

Thanks very much!

Yes, it can do just fine but the traffic gets treated at TCP so you lose the L7 capabilities.

thank you so much for answering me.

Do I have to then configure istio proxy to work on TLS or does it automatically?

it should detect it automatically but you can specify it too to be sure. see here for more: Istio / Protocol Selection


I have the last 2 questione.

The my blockchain network communicates with grpcs protocol, but in the list linked in the post there is only grpc.

  1. Can I consider, for Protocol Selection, the use of appProtocol: tls ?

  2. About the naming of the services, can I consider the use of ExternalService in the namespace istio-system for the mapping of the name service-name.namespaces.svc.cluster.local in service-name? in order to use service-name to call services?

Thank you very much for your patience