Secure outbound traffic with Istio egressgateway

6/27/2019

I have a SOAP client which sends requests to a SOAP server that is located outside of the Kubernetes cluster.

I'm using Istio as a service mesh. I know that the Istio Ingressgateway can be secured by using TLS or mTLS on it, so my app doesn't have to implement any security logic. This is described in this article: https://preliminary.istio.io/docs/tasks/traffic-management/ingress/secure-ingress-mount/.

Is there a way for the Egressgateway to secure outgoing traffic with TLS?

For example, my SOAP app doesn't use a client certificate to establish a secure connection with the outbound SOAP server. Can the Egressgateway establish a TLS connection by using client certs which are mounted on it, or with SDS?

-- Vito Karleone
gateway
istio
kubernetes
tls1.2

1 Answer

6/27/2019

You can configure an egress gateway to establish an outbound connection using mutual TLS (client certificate).

This way the connection will be established and secured with mTLS transparently for your service.

You can find documentation for this here.

-- Randy
Source: StackOverflow
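
An added example, not part of the original answer or of the Istio documentation: the part of the configuration that makes the egress gateway originate mutual TLS towards the external server. The host `soap.example.com`, the resource names and the certificate mount paths are placeholders; it is assumed that the `Gateway` and `VirtualService` routing the application's traffic through the egress gateway already exist and that the client certificate, key and CA bundle are mounted into the egress gateway pod from Kubernetes secrets.

```yaml
# Register the external SOAP server with the mesh so that traffic
# to it can be routed and given a traffic policy.
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: soap-backend                    # placeholder name
spec:
  hosts:
  - soap.example.com                    # placeholder external host
  ports:
  - number: 80                          # port the application calls in plain HTTP
    name: http
    protocol: HTTP
  - number: 443                         # port the egress gateway connects to
    name: https
    protocol: HTTPS
  resolution: DNS
---
# Applied to connections leaving the egress gateway for port 443:
# the gateway presents the client certificate and validates the
# server certificate against the mounted CA bundle.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: originate-mtls-for-soap-backend # placeholder name
spec:
  host: soap.example.com
  trafficPolicy:
    portLevelSettings:
    - port:
        number: 443
      tls:
        mode: MUTUAL                    # SIMPLE would be TLS without a client certificate
        # Placeholder paths: files mounted into the egress gateway pod.
        clientCertificate: /etc/soap-client-certs/tls.crt
        privateKey: /etc/soap-client-certs/tls.key
        caCertificates: /etc/soap-ca-certs/ca.crt
        sni: soap.example.com
```

With this layout the private key is mounted only on the egress gateway pod, so the SOAP application never handles the client credentials.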