Installed 18.2 istio in Kubernetes cluster using the below command:

    ./istioctl install --set profile=demo -y

Step 1: set up gateway to perform SSL termination with TLS mode as "SIMPLE"
Step 2: enabled istio-injection for a namespace
Step 3: enabled PeerAuthentication as below

    apiVersion: security.istio.io/v1beta1
    kind: PeerAuthentication
    metadata:
      name: "default"
      namespace: "istio-system"
    spec:
      mtls:
        # STRICT: workloads accept only mutual-TLS traffic
        mode: STRICT

Step 4: enabled destination rule

    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: default
      namespace: xxxxx
    spec:
      host: '*.xxxxx.svc.cluster.local'
      trafficPolicy:
        tls:
          # sidecars originate Istio mutual TLS to the matched hosts
          mode: ISTIO_MUTUAL

Step 5: installed 2 applications as pods with their respective virtual services
Step 6: able to access the applications from outside the cluster via HTTPS URL successfully
Step 7: applications failing to reach each other via their respective HTTPS URLs

On verification found mTLS not configured:

    kubectl get deploy -l istio=citadel -n istio-system
    No resources found in istio-system namespace

Request to know what steps to perform to enable mTLS between pods of the istio-enabled namespace.
Regards
Sadanjan