K
Q

Secure outbound traffic with Istio egressgateway

6/27/2019

I have a SOAP clien which sends requests to SOAP server that holds outside of the kuber cluster.

I'm using Istio as Service Mesh. I know that Istio Ingressgateway can be secure by using TLS or mTLS on it, so my app dont have to implement some secure logic. About it in this article https://preliminary.istio.io/docs/tasks/traffic-management/ingress/secure-ingress-mount/.

Is there a way that Egressgateway can secure outcomming traffic with TLS ?

For example my SOAP app dont use client sertificate to establish secure connetion with outbound SOAP server. Can Egressgateway establish TLS connnection by using client certs which mounted on it or with SDS.

-- Vito Karleone
gateway
istio
kubernetes
tls1.2

Similar Questions

Can I execute a Linux binary from a Windows application?
Jenkins: Managing Multiple Environment Configuration and Deployments
How to fix "pods is not balanced" in Kubernetes cluster
Best practice deploying kubernetes deployment to different environments and handling buildnumbers in the config
How to disable openapi docs API calls in Ambassador api gateway?
How run post-init-container like job in k8s

1 Answer

6/27/2019

You can configure an egress gateway to establish an outbound connection using mutual TLS (client certificate).

This way the connection will be established mTLS secured transparently for your service.

You can find a documentation for this here.

-- Randy
Source: StackOverflow