Istio ingressgateway allow tls for private IP

Time:02-03

What I am going to use:

  • Microk8s
  • istio addon
  • Metallb addon
  • Cert manager (if possible)

With microk8s, I want to deploy several micro services.

I want to set up an Istio gateway to check whether REST API requests are using the HTTPS protocol.

  • Each micro service has its own virtual service.

If there is no DNS and I can only use a private IP address (e.g. 192.168.2xx.xxx), what do I have to do first? If this approach is not technically possible, please let me know.

(With DNS, Let's Encrypt would be a solution using cert-manager. Are there any options for a private IP address that work like Let's Encrypt?)

CodePudding user response:

Are there any options for a private IP address that work like Let's Encrypt?

If you are using a private IP address and do not have DNS, you cannot use Let's Encrypt to obtain an SSL certificate. Instead, you will need to use a certificate from a Certificate Authority (CA) that can generate certificates for private IPs. To do this, you will need to generate a Certificate Signing Request (CSR) and submit it to the CA. The CA will then generate a certificate that is signed with its private key and send it back to you. You will then install this certificate on your Istio gateway and use it to check whether requests to your microservices are using the HTTPS protocol. Additionally, you will need to ensure that each microservice has its own virtual service to make sure that the requests are routed to the correct microservice. Refer to this doc for more information.

To set up an Istio gateway to check whether REST API requests are using the HTTPS protocol:

To set up an Istio gateway to check whether REST API requests are using the HTTPS protocol, you need to configure a gateway and virtual service in Istio. The gateway should be configured to route traffic on the HTTPS port to the port where your REST API is running. The virtual service should be configured to match requests that have the X-Forwarded-Proto header set to https and route them to the correct service. You can also configure Istio to reject requests that don't have the X-Forwarded-Proto header set to https or that have the X-Forwarded-Proto header set to http. Once you have configured the gateway and virtual service, you should be able to test that requests to your REST API are using the HTTPS protocol.

Refer to this doc on configuring a TLS ingress gateway.
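The CSR-and-sign flow described in the answer above, as an added example that is not part of the original post: a throwaway private CA issues a gateway certificate whose subjectAltName is an IP address instead of a DNS name. The address 192.168.200.10, the subject names, the file names and the secret name in the closing comment are constructed placeholders.

```shell
#!/bin/sh
# Added example: private CA + server certificate bound to an IP address.
set -eu

GATEWAY_IP="${GATEWAY_IP:-192.168.200.10}"  # constructed; use the MetalLB-assigned address
WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Minimal config so the run does not depend on the system openssl.cnf.
printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
  '[dn]' '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
  'keyUsage = critical,keyCertSign,cRLSign' > "$WORKDIR/ca.cnf"

make_ca() {
  # Self-signed root. ca.crt must be installed in every API client's trust store.
  openssl req -x509 -config "$WORKDIR/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
    -subj "/O=Example Lab/CN=Example Lab Root CA" \
    -keyout "$WORKDIR/ca.key" -out "$WORKDIR/ca.crt" 2>/dev/null
}

make_gateway_cert() {
  # Step 1: key and CSR for the ingress gateway.
  openssl req -new -config "$WORKDIR/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/O=Example Lab/CN=istio-ingressgateway" \
    -keyout "$WORKDIR/gw.key" -out "$WORKDIR/gw.csr" 2>/dev/null
  # Step 2: the CA signs it. Clients calling https://<ip>/ match the address
  # against an IP-type SAN entry, so a DNS-type SAN or the CN is not enough.
  printf 'subjectAltName = IP:%s\nextendedKeyUsage = serverAuth\n' \
    "$GATEWAY_IP" > "$WORKDIR/gw.ext"
  openssl x509 -req -in "$WORKDIR/gw.csr" -days 90 \
    -CA "$WORKDIR/ca.crt" -CAkey "$WORKDIR/ca.key" -CAcreateserial \
    -extfile "$WORKDIR/gw.ext" -out "$WORKDIR/gw.crt" 2>/dev/null
}

cert_matches_ip() {
  # True only if the chain verifies against the CA and the SAN covers address $1.
  openssl verify -CAfile "$WORKDIR/ca.crt" "$WORKDIR/gw.crt" >/dev/null 2>&1 || return 1
  out=$(openssl x509 -in "$WORKDIR/gw.crt" -noout -checkip "$1" 2>/dev/null) || true
  case "$out" in *"does match"*) return 0 ;; *) return 1 ;; esac
}

make_ca
make_gateway_cert
if cert_matches_ip "$GATEWAY_IP"; then echo "certificate is valid for $GATEWAY_IP"; fi
# Install step (hypothetical secret name), run in the ingress gateway's namespace:
#   kubectl create -n istio-system secret tls gateway-ip-cert --key=gw.key --cert=gw.crt
# then reference it from the Gateway server via tls.mode: SIMPLE and tls.credentialName.
```

If the MetalLB address changes, the certificate has to be reissued, because the SAN no longer matches the address clients connect to.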
