Secure Kiali and Jaeger in Istio

I’d like to secure traffic to Kiali and Jaeger.

Currently I install both tools via the Istio helm install and create a gateway and virtualservice to expose both services to the internet via HTTPS. Doing that, traffic between the browser and the internet-ingressgateway is secure.

But the traffic between the internet-ingressgateway and the services Kiali and Jaeger isn’t.

I could secure this traffic by installing Kiali and Jaeger to a different namespace where sidecar-injection and mTLS are enabled.

But I wonder if there is something easier in Istio that I have missed.
Is there an easier or more Istio-native way to secure the traffic?

Cheers
Christian

Note that in the latest release of Kiali you can select whether you want to expose the Kiali service over http/https natively.
So you would be able to combine this with how to expose this service externally.

These are the details of the configuration:

For more info, https://www.kiali.io/documentation/getting-started/ should also be updated about it.

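Added example, not part of the original posts and not taken from the Kiali or Istio documentation: once Kiali serves HTTPS itself, the ingress gateway still has to originate TLS toward it, otherwise the gateway-to-Kiali hop described in the question stays plaintext. The sketch assumes Kiali runs without a sidecar in `istio-system` behind a service named `kiali` on port 20001, and that a CA bundle is mounted into the gateway pod at the placeholder path shown.

```yaml
# Assumed names (not from the thread): service "kiali", namespace
# "istio-system", port 20001, and the CA bundle path below.
#
# Without a TLS setting for this host, the gateway terminates the
# browser's HTTPS and forwards the request to Kiali unencrypted.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: kiali-tls-origination
  namespace: istio-system        # must be visible to the ingress gateway
spec:
  host: kiali.istio-system.svc.cluster.local
  trafficPolicy:
    portLevelSettings:
    - port:
        number: 20001
      tls:
        # SIMPLE = one-way TLS originated by the gateway's Envoy.
        # ISTIO_MUTUAL does not fit here: it expects a sidecar on the
        # Kiali pod to terminate Istio's mTLS, and there is none.
        mode: SIMPLE
        sni: kiali.istio-system.svc.cluster.local
        # CA bundle used to verify Kiali's server certificate.
        # Placeholder path; the file has to be mounted in the gateway pod.
        caCertificates: /etc/certs/kiali-ca/ca.crt
```

The existing Gateway and VirtualService for the external HTTPS endpoint stay as they are; this rule only changes how the gateway talks to the Kiali backend.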