I have been looking into Istio’s TLS origination functionality. I have got an example working with HTTP traffic. However, setting up an example of this with TCP traffic has been more difficult. The particular TCP protocol I have been attempting this with is LDAP, going from port 389 → port 636. I seem to always end up receiving “UF,URX” codes together.
- Is it actually possible to do TLS origination for TCP traffic? If so, where am I going wrong?
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: tcp-service-entry
  namespace: test-mesh
spec:
  hosts:
  - tcp.host.address
  addresses:
  - IP-ADDRESS/32
  endpoints:
  - address: IP-ADDRESS
  ports:
  - number: 389
    name: tcp
    protocol: TCP
    targetPort: 636
  - number: 636
    name: tcp-secure
    protocol: TCP
  location: MESH_EXTERNAL
  resolution: STATIC
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: tcp-tls-origination-destination-rule
  namespace: test-mesh
spec:
  host: tcp.host.address
  trafficPolicy:
    portLevelSettings:
    - port:
        number: 389
      tls:
        mode: SIMPLE
        sni: tcp.host.address
```