How do I pass certificate common name to istio internal service in istio 1.4.0?

1/3/2020

I followed the setup in the link below to enable a secure connection to the ingress gateway:

https://istio.io/docs/tasks/traffic-management/ingress/secure-ingress-sds/

I can send a request and get the response from the internal service, but is there a way to access the certificate common name in the internal service?

The internal service is running the following Flask application:

from flask import Flask, request
app = Flask(__name__)

@app.route("/first")
def index():
    # Echo back every request header the service receives
    return str(request.headers)

if __name__ == "__main__":
    app.run(debug=True, host='0.0.0.0')

And it gives the following output:

Accept: */*
X-Forwarded-For: 10.32.0.5
X-Envoy-Decorator-Operation: flasksvc.default.svc.cluster.local:5000/first
X-Request-Id: f5f4d99f-0fe6-450b-a836-f4f228a5908d
X-B3-Traceid: a057039d68a629d516a7e36660197be8
X-Istio-Attributes: Ck8KCnNvdXJjZS51a....
Host: flaskapp.example.com
X-B3-Spanid: 16a7e36660197be8
X-Envoy-Internal: true
User-Agent: curl/7.29.0
Content-Length: 0
X-B3-Sampled: 0
X-Forwarded-Proto: https

I want to see the certificate common name in the response. Could you please help me with how to do it with Istio version 1.4.0?

-- Kalyan Kumar
istio
kubernetes

1 Answer

1/3/2020

Well, what you need to do is configure the Istio ingress gateway to perform SNI passthrough without terminating the TLS. Check this guide on how to do it.

-- Arghya Sadhu
Source: StackOverflow
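
With passthrough as the answer suggests, the gateway no longer terminates TLS, so the service itself has to terminate mutual TLS and read the common name from the client certificate it verified. The following is an added example, not code from the original post or from Istio, using only the Python standard library; the `SSL_CLIENT_S_DN_CN` environ key, the certificate file names and the sample certificate dict are assumptions made here.

```python
import ssl
from wsgiref.simple_server import WSGIRequestHandler, make_server

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_PEERCERT = {"subject": ((("countryName", "US"),),
                               (("organizationName", "Example Org"),),
                               (("commonName", "client.example.com"),))}

def common_name(peercert):
    """Return the subject commonName from a getpeercert() dict, or None."""
    for rdn in (peercert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

class ClientCertHandler(WSGIRequestHandler):
    """Expose the verified client certificate CN to the WSGI application."""
    def get_environ(self):
        environ = super().get_environ()
        # Request headers arrive as HTTP_* keys, so a client cannot set this
        # key itself; it is filled only from the TLS session.
        environ["SSL_CLIENT_S_DN_CN"] = common_name(self.connection.getpeercert()) or ""
        return environ

def mtls_context(cert_file, key_file, client_ca_file):
    """Server-side context that rejects clients without a cert from client_ca_file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert_file, key_file)
    ctx.load_verify_locations(cafile=client_ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def app(environ, start_response):
    """Minimal WSGI app; a Flask app would read request.environ the same way."""
    body = ("client CN: " + environ.get("SSL_CLIENT_S_DN_CN", "")).encode()
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]

def serve(wsgi_app, ctx, host="0.0.0.0", port=5000):
    httpd = make_server(host, port, wsgi_app, handler_class=ClientCertHandler)
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()

if __name__ == "__main__":
    # Hypothetical file names; use the service's own key pair and client CA.
    serve(app, mtls_context("server.crt", "server.key", "client-ca.crt"))
```

Because the value comes from the TLS handshake rather than from a request header, it can be used for authorization decisions only as far as the client CA in `client_ca_file` is trusted.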