stackoom
  简体   繁体   中英

Validating client (non-istio) certificate at the Ingress gateway in my AKS cluster

 原文  2020-07-22 18:34:05       ssl/ kubernetes/ kubernetes-ingress/ istio/ azure-aks

Question

I have a scenario where an external app (not on Istio) is calling our services to get some data. Client sends in it's certificate in the WebRequestHandler that we validate as a way to authenticate the client. Can this be done at the ingress-gateway level?

Please note that I am also terminating the TLS traffic at the gateway and forwarding the request to the corresponding services on different pods based on http url-regex matching. I am also okay to validate the certificate in my service's code given it reaches the service as it is (excuse me for sounding naive here, I am very new to this).

Thank you!

1 answers

solution1
 1 ACCPTED  2020-07-22 22:08:19

If you want mutual TLS between an external service and Istio's Ingress Gateway then that's possible and is documented here: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AKS Istio Ingress gateway Certificate is not valid Using default SSL certificate in Istio ingress gateway in GKE ISTIO Ingress Gateway logs how to terminate ssl at ingress-gateway in istio? Generate wildcard certificate on Kubernetes cluster with DigitalOcean for my Nginx-Ingress mTLS in OpenShift + Istio (client certificate) TLS handshake through Istio ingress gateway fails (tlsMode=passthrough) Istio + Kubernetes: Gateway more than one TLS Certificate NGINX proxy to Ingress Controller with Client Certificate Authentication Kubernetes Ingress - Automatically validating Certificates issued by Intermedia Certificate
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM