Istio Proxy over TLS

Luca_Passaretta · February 16, 2021, 10:18am

Hi at All!

I have a cluster with a Hyperledger Fabric Blockchain that work with TLS enabled, and other microservices and database.

For my cluster I am considering using Istio. But my question is the following:

Thanks very much!
Luca.

ceposta · February 16, 2021, 1:39pm

Yes, it can do just fine but the traffic gets treated at TCP so you lose the L7 capabilities.

Luca_Passaretta · February 16, 2021, 5:55pm

thank you so much for answering me.

Do I have to then configure istio proxy to work on TLS or does it automatically?

ceposta · February 16, 2021, 11:42pm

it should detect it automatically but you can specify it too to be sure. see here for more: Istio / Protocol Selection

Luca_Passaretta · February 17, 2021, 8:10pm

Okok,

I have the last 2 questione.

The my blockchain network communicates with grpcs protocol, but in the list linked in the post there is only grpc.

Can I consider, for Protocol Selection, the use of appProtocol: tls ?
About the naming of the services, can I consider the use of ExternalService in the namespace istio-system for the mapping of the name service-name.namespaces.svc.cluster.local in service-name? in order to use service-name to call services?

Thank you very much for your patience

Luca.

Topic		Replies	Views
Istio and TLS between envoyproxy & microservice attached Security security	3	389	June 6, 2023
ClusterIP networking on istio injected pods not working Networking	1	1285	July 11, 2019
Egress TLS with TCP Networking	9	4343	June 7, 2023
mTLS-secured HTTP: X-Forwarded-Proto header is `http` Security	3	2215	November 15, 2021
Can the Istio ingressgateway proxy traffic to external HTTPS service? Networking	3	2427	September 15, 2020