mTLS between services across mesh boundary

mandrillg · June 18, 2022, 10:35pm

I have a pod A deployed with its own cert and key, the cert being issued from the same signing certificate which the mesh uses. The pod didn’t have the mesh sidecar. If I now want to configure mTLS connectivity between pods inside the mesh and this pod, I am trying to understand the simplest configuration that would work for me.

A destination rule for the pod A, specifying ISTIO_MUTUAL as the TLS mode for the FQDN of the target service A.

Would I need any egress gateway and virtual service as well?

Nataraj.medayhal · June 19, 2022, 5:46am

It depends on your requirement, egress offers central mechanism for outgoing traffic symmetric to ingress.
As you wanted to achieve simple communication you can achieve it with service entry and destination rule.

Topic		Replies	Views
mTLS between istio side car and external service Security	1	913	July 18, 2022
Sidecar configuration for mTLS for accessing external service Networking	1	1389	January 10, 2022
Istio pod to pod mTLS Security	3	2216	July 2, 2020
mTLS between ingress gateway and sidecars Networking	0	478	January 30, 2023
Enable STRICT MTLS for external clients Security	4	1133	February 8, 2022

mTLS between services across mesh boundary

Related Topics