We are using Istio for several services advertised via a Gateway using TLS simple mode to route traffic to several services from the same Gateway IP.
We wish to also employ TLS passthrough in order to reverse-proxy external services alongside our internal kubernetes Pod-hosted services. We would consider using TLS origination if passthrough was not an option alongside our existing HTTPS simple mode services.
So far I have been referring to this PR for details of how to perform this configuration: https://github.com/istio/istio.io/pull/3180/files
I’m aware that there are some issues in our config, as although I can get the httpbin example to work for plain HTTP redirection, when moving to HTTPS I cannot get a connection; TLS negotiation fails like this:
* ALPN, offering http/1.1 * gnutls_handshake() failed: The TLS connection was non-properly terminated. * Closing connection 0 curl: (35) gnutls_handshake() failed: The TLS connection was non-properly terminated.
I will follow up and attach our config. Shortly. Using Istio 1.0.2 I believe.