Validating client (non-istio) certificate at the Ingress gateway in my AKS cluster

7/22/2020

I have a scenario where an external app (not on Istio) is calling our services to get some data. Client sends in its certificate in the WebRequestHandler that we validate as a way to authenticate the client. Can this be done at the ingress-gateway level?

Please note that I am also terminating the TLS traffic at the gateway and forwarding the request to the corresponding services on different pods based on http url-regex matching. I am also okay to validate the certificate in my service's code given it reaches the service as it is (excuse me for sounding naive here, I am very new to this).

Thank you!

-- Jim
azure-aks
istio
kubernetes
kubernetes-ingress
ssl

1 Answer

7/22/2020

If you want mutual TLS between an external service and Istio's Ingress Gateway then that's possible and is documented here: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/

-- Rinor
Source: StackOverflow
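
A sketch of the mutual TLS setup the linked Istio task describes, combined with the URL-regex routing from the question. This is an added example, not part of the original question or answer; the resource names, host, secret name and backend service are placeholders.

```yaml
# Added example. Placeholder names (assumptions, not from the post):
#   partner-gateway, partner-routes, partner-api-credential,
#   api.example.com, orders-svc
# The secret partner-api-credential must live in the ingress gateway's
# namespace and hold three keys:
#   tls.crt / tls.key  - the gateway's server certificate and key
#   ca.crt             - the CA used to verify the external client's certificate
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: partner-gateway
  namespace: default
spec:
  selector:
    istio: ingressgateway          # label of the default ingress gateway pods
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      # SIMPLE terminates TLS without asking for a client certificate.
      # MUTUAL terminates TLS and rejects the handshake unless the client
      # presents a certificate that chains to ca.crt.
      mode: MUTUAL
      credentialName: partner-api-credential
    hosts:
    - api.example.com
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: partner-routes
  namespace: default
spec:
  hosts:
  - api.example.com
  gateways:
  - partner-gateway
  http:
  - match:
    - uri:
        regex: "/orders/[0-9]+"    # must match the whole path
    route:
    - destination:
        host: orders-svc
        port:
          number: 8080
```

With `mode: MUTUAL` the gateway accepts any client certificate issued by the CA in `ca.crt`, so use a CA dedicated to this client or restrict accepted identities with the `subjectAltNames` field of the same `tls` block.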