Need assistance configuring Istio Egress gateway with mTLS for communication to external cluster APIs #49481
The first step is to make sure that, within the mesh, the traffic is hitting the egress gateway. I suggest starting from the source sidecar and seeing if the traffic is routed correctly to the egress gateway via the VS that you defined.
Since you don't see any communication activity in the logs of the egress controller, it means that the traffic is not being routed to the Egress Gateway correctly. I think you can check if there is a network policy or firewall rule organizing the Egress traffic. Also, you can increase the log level of the Egress Gateway pod and analyze it more specifically based on the logs:
istioctl pc log <Egress Pod Name> --level=debug
Hello everyone,
We have Istio configured on our Kubernetes cluster, with both Ingress and Egress gateways enabled (see IstioOperator configuration below). Our Ingress gateway is functioning as desired, with mTLS enabled, ensuring secure communication from clients to our Kubernetes cluster.
However, we're encountering difficulties configuring the Egress gateway to establish mTLS communication with another external cluster where our APIs reside. Despite our efforts, we haven't been successful, and we're not seeing any communication activity in the logs of the Egress Controller.
Problem:
We are attempting to implement mTLS for communication from our Kubernetes cluster to an external cluster where our APIs are hosted on Port 8443.
Despite configuring the Egress gateway with mTLS settings, we're not seeing any communication activity in the logs of the Egress Controller.
We have ensured that the necessary certificates are available and properly configured on both ends.
IstioOperator Configuration:
Service Entry:
Egress Gateway:
Virtual Service:
We would appreciate any assistance or guidance on properly configuring the Istio Egress gateway for mTLS communication with external cluster APIs. Additionally, any insights into troubleshooting steps or common pitfalls would be greatly appreciated.
Thank you in advance for your help!