ISTIO_mTLS difference with Ingress Gateway vs Sidecar #49559
haithamshahin333
started this conversation in
General
Replies: 0 comments
Hello,
I've enabled a federated mesh using Spire, and I'm seeing that cluster1 in trust domain foo.com can do ISTIO_MTLS with an ingress gateway in cluster2 in trust domain bar.com. However, when I configure the gateway to PASSTHROUGH such that ISTIO_MTLS should happen between the two services in each cluster, I see an OpenSSL error.
Is there a difference in how the gateway does ISTIO_MTLS vs a sidecar? If you refer to the image below, what I'm suggesting is that the only real way to get this working is to place a gateway between the two services and have ISTIO_MTLS occur at the gateway.