I have been looking into Istio’s TLS origination functionality. I have got an example working with HTTP traffic. However, trying to set up an example of this with TCP traffic has been more difficult. The particular TCP protocol I have been attempting this with is LDAP, having port 389 → port 636. I seem to always end up receiving “UF,URX” codes together.
- Is it actually possible to do TLS origination to TCP traffic, if so where am I going wrong?
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: tcp-service-entry
  namespace: test-mesh
spec:
  hosts:
  - tcp.host.address
  addresses:
  - IP-ADDRESS/32
  endpoints:
  - address: IP-ADDRESS
  ports:
  - number: 389        # plaintext LDAP port the application dials
    name: tcp
    protocol: TCP
    targetPort: 636    # sidecar forwards to the LDAPS port after originating TLS
  - number: 636
    name: tcp-secure
    protocol: TCP
  location: MESH_EXTERNAL
  resolution: STATIC
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: tcp-tls-origination-destination-rule
  namespace: test-mesh
spec:
  host: tcp.host.address
  trafficPolicy:
    portLevelSettings:
    - port:
        number: 389    # only traffic that arrived on 389 gets TLS originated
      tls:
        mode: SIMPLE
        sni: tcp.host.address
```
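One thing worth separating out before touching the Istio objects is whether the upstream at the `targetPort` actually accepts the kind of handshake the sidecar will make. In Envoy's access log, `UF` is the upstream-connection-failure flag and `URX` the retry-limit-exceeded flag, so the pair says the sidecar could not complete a connection to the endpoint, not that the mesh routing was wrong. With `mode: SIMPLE` the sidecar opens a TCP connection and immediately starts a TLS handshake (implicit TLS, as LDAPS on 636 expects), so a `targetPort` that speaks plaintext or STARTTLS-style LDAP fails in exactly this way. The probe below is an added example written for this post, not code from the post or from Istio; it reproduces that handshake with Python's `ssl` module and classifies the outcome. The hostname `tcp.host.address` and the `IP-ADDRESS` placeholder are the post's own; the plaintext listener it spins up is a constructed stand-in for a non-TLS port so the script runs offline.

```python
"""Probe whether an endpoint speaks implicit TLS the way Istio's
SIMPLE-mode TLS origination expects (added example, not from the post)."""
import socket
import socketserver
import ssl
import threading


def probe_tls(host, port, sni, cafile=None, timeout=5.0):
    """Dial host:port and attempt an implicit-TLS handshake with the given SNI.

    This mirrors what the sidecar does toward the ServiceEntry targetPort when
    the DestinationRule says mode: SIMPLE. Returns a dict whose "status" is:
      tls-ok         handshake completed (certificate verified if cafile given)
      cert-rejected  TLS is spoken, but the certificate failed verification
      not-tls        TCP connected, but the peer did not answer with TLS
      connect-failed TCP connection could not be established (or timed out)
    """
    ctx = ssl.create_default_context(cafile=cafile)
    if cafile is None:
        # Without a CA bundle we only want to tell "TLS" from "not TLS",
        # so verification is switched off for this diagnostic run.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                return {"status": "tls-ok", "version": tls.version()}
    except ssl.SSLCertVerificationError as exc:  # subclass of SSLError, so first
        return {"status": "cert-rejected", "detail": str(exc)}
    except ssl.SSLError as exc:
        return {"status": "not-tls", "detail": str(exc)}
    except OSError as exc:  # refused, unreachable, socket timeout
        return {"status": "connect-failed", "detail": str(exc)}


# Constructed stand-in for a plaintext listener (what an LDAP port 389 is):
# it reads whatever arrives and answers with non-TLS bytes, so a TLS client
# aimed at it fails its handshake, just as the sidecar does when the
# targetPort does not speak implicit TLS.
_FAKE_PLAINTEXT_REPLY = b"\x30\x0c\x02\x01\x01\x61\x07\x0a\x01\x00\x04\x00\x04\x00"


class _PlaintextHandler(socketserver.BaseRequestHandler):
    def handle(self):
        try:
            self.request.recv(4096)              # swallow the ClientHello
            self.request.sendall(_FAKE_PLAINTEXT_REPLY)
        except OSError:
            pass


def start_plaintext_server():
    """Start the stand-in on 127.0.0.1 at an ephemeral port; returns (server, port)."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _PlaintextHandler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def closed_port():
    """Pick a local port with nothing listening on it (bind, read, release)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_plaintext_server()
    try:
        print("plaintext listener:", probe_tls("127.0.0.1", port, "tcp.host.address"))
    finally:
        srv.shutdown()
        srv.server_close()
    print("nothing listening:  ", probe_tls("127.0.0.1", closed_port(), "tcp.host.address"))
    # Against the endpoint from the post (placeholders, not run here):
    # probe_tls("IP-ADDRESS", 636, "tcp.host.address", cafile="/path/to/ca.pem")
```

Run it from a pod inside the mesh (or any host that can reach the endpoint) with the real address, `636`, the SNI from the DestinationRule and the CA that signed the LDAPS certificate: `tls-ok` means the upstream side is fine and the problem is in the Istio objects; `not-tls` or `connect-failed` means the sidecar would report `UF` no matter how the ServiceEntry is written.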