How to make secure service-to-service communication in Istio?

1/25/2020

I am trying to call a web service running in another pod from one pod in istio.

I wrote both microservices in Python. Could you please tell me how to make an HTTPS call from one microservice running in one pod to another microservice running in another pod?

I can find the below sample command on the Istio web site.

kubectl exec $(kubectl get pod -l app=sleep -o jsonpath={.items..metadata.name}) -c istio-proxy -- curl https://httpbin:8000/headers -o /dev/null -s -w '%{http_code}\n' --key /etc/certs/key.pem --cert /etc/certs/cert-chain.pem --cacert /etc/certs/root-cert.pem -k

But that is making an HTTPS call from the istio-proxy container; how will my microservice forward the request to istio-proxy, which then forwards the request to another istio-proxy in a different pod?

From this link https://istio.io/docs/concepts/security/, I cannot understand the statement 'Istio re-routes the outbound traffic from a client to the client’s local sidecar Envoy.' What is the code change in my Python microservice to call an HTTPS web service? Please give a full example if you have one.

-- Kalyan Kumar
istio
kubernetes

1 Answer

1/25/2020

This task from the Istio docs shows how mutual TLS works with HTTPS services. It includes:

  • Deploying an HTTPS service without Istio sidecar
  • Deploying an HTTPS service with Istio with mutual TLS disabled
  • Deploying an HTTPS service with mutual TLS enabled

All of the above scenarios provide a command that you can run in one microservice container to hit the HTTPS endpoint of another microservice. For example, to hit nginx over HTTPS from the sleep container:

kubectl exec $(kubectl get pod -l app=sleep -o jsonpath={.items..metadata.name}) -c sleep -- curl https://my-nginx -k

The benefit of Istio is that you don't need to make any code change in your Python application. The Istio proxy sidecar will do the necessary work to enable security features such as mTLS.

-- Arghya Sadhu
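Added example, not part of the question or answer above: because the sidecar terminates mTLS, the Python service itself never sees a client certificate, but Envoy does forward the verified peer identity in the X-Forwarded-Client-Cert (XFCC) header. The code below parses that header and checks the caller's SPIFFE identity against an allowlist, as a defence-in-depth check on top of the mTLS the sidecar already enforces. It assumes Envoy's documented XFCC layout (comma-separated elements of semicolon-separated key=value pairs, values optionally double-quoted) and that Istio appends the locally verified peer as the last element; the header value and the allowed identity are constructed for the example.

```python
# Added example: application-level check of the peer identity that the Istio
# sidecar (Envoy) forwards in X-Forwarded-Client-Cert when mTLS is enabled.
from typing import Dict, List, Optional

# Constructed sample of the header for a call from the "sleep" service account
# in namespace "default" to the "my-nginx" service (hash shortened).
SAMPLE_XFCC = (
    'By=spiffe://cluster.local/ns/default/sa/my-nginx;'
    'Hash=0123abcd;Subject="";'
    'URI=spiffe://cluster.local/ns/default/sa/sleep'
)

# Assumed allowlist: only the sleep service account may call this service.
ALLOWED_CALLERS = {'spiffe://cluster.local/ns/default/sa/sleep'}


def _split_unquoted(text: str, sep: str) -> List[str]:
    """Split on sep, ignoring separators inside double-quoted values."""
    parts, buf, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
            buf.append(ch)
        elif ch == sep and not quoted:
            parts.append(''.join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf))
    return [p for p in parts if p]


def parse_xfcc(header: str) -> List[Dict[str, str]]:
    """Return one dict of fields per certificate element in the header."""
    elements = []
    for element in _split_unquoted(header, ','):
        fields = {}
        for pair in _split_unquoted(element, ';'):
            key, _, value = pair.partition('=')
            fields[key.strip()] = value.strip().strip('"')
        elements.append(fields)
    return elements


def caller_identity(header: Optional[str]) -> Optional[str]:
    """SPIFFE URI of the peer the local sidecar verified, or None."""
    if not header:
        return None  # no XFCC: the request did not arrive over mTLS via the sidecar
    elements = parse_xfcc(header)
    # The local sidecar appends its own verified element, so trust the last one.
    return elements[-1].get('URI') if elements else None


def authorize(header: Optional[str], allowed=ALLOWED_CALLERS) -> bool:
    """True only if the verified caller identity is on the allowlist."""
    identity = caller_identity(header)
    return identity is not None and identity in allowed
```

In a Flask or FastAPI handler, pass `request.headers.get('X-Forwarded-Client-Cert')` to `authorize` and return 403 when it is false.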
Source: StackOverflow