How to setup k8s istio aspnet identity server for internal requests

2/22/2022

We have a cluster that runs a number of dotnet apps, one of which runs the identity server. All the other apps need to authenticate with the identity server. If the identity server was external this wouldn't be an issue as it would have an HTTPS endpoint, but internally they are all running HTTP.

  1. With istio adding MTLS security to all the comms, do all the apps just get set with RequireHttpsMetadata = false?

  2. Is this the correct way to setup the network with internal requests being sent as http://auth-server.default.svc.cluster.local/...?

  3. or should they be sent as https://auth-server.default.svc.cluster.local/..., if so how?

-- APW
.net-core
istio
kubernetes

0 Answers