我在istio上使用了k8s. 而且,我有带有https端点(相互tls)的外部api
I'm using k8s with istio. And, I have external api with https endpoint (mutual tls)
我不希望k8s pod的每个api请求都实现相互tls调用,因此,如果istio envoy代理可以处理相互tls,那就太好了.然后pod可以使用http调用api,并且特使将请求转换为https mtls请求.
And I don't want every api request from k8s pod to implement mutual tls call, so it would be great if istio envoy proxy can process mutual tls. Then pod can call api with http, and request would be converted to https mtls request by envoy.
+---------------------------------+ | (pod) ---http--> (envoy proxy) -|-https(mtls)--> external api +---------------------------------+我设法找到了与特使共同解决问题的方法. 如何将自定义客户端证书用于istio提供外部服务?
I managed to find a solution of mutual tls with envoy. How can I use custom client certificate for external service with istio?
现在,我应该找到如何设置特使代理以将http转换为https. 我猜我应该使用 ServiceEntry , DestinationRule , VirtualService ,但我坚持在这里.
Now I should find how to setup envoy proxy to convert http to https. I guess that I should use ServiceEntry, DestinationRule, VirtualService, but I stuck here.
救救我.
推荐答案这里是istio.io的任务.
Here is a task on istio.io how to do it.
更多推荐
我希望istio envoy代理将HTTP流量转换为https
发布评论