You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've enabled a federated mesh using Spire, I'm seeing cluster1 in trust domain foo.com can do ISTIO_MTLS with an ingress gateway win cluster2 in trust domain bar.com. However, when I configure the gateway to PASSTHROUGH such that ISTIO_MTLS should happen between the two services in each cluster, I see a OpenSSL error.
Is there a difference in how the gateway does ISTIO_MTLS vs a sidecar? If you refer to the image below, what I'm suggesting is that the only real way to get this working is to place a gateway between the two services and have ISTIO_MTLS occur at the gateway.
@howardjohn@linsun any help would be appreciated! This is associated with the Spire Federation issues you all have commented on in the past. Thanks in advance.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hello,
I've enabled a federated mesh using Spire, I'm seeing cluster1 in trust domain foo.com can do ISTIO_MTLS with an ingress gateway win cluster2 in trust domain bar.com. However, when I configure the gateway to PASSTHROUGH such that ISTIO_MTLS should happen between the two services in each cluster, I see a OpenSSL error.
Is there a difference in how the gateway does ISTIO_MTLS vs a sidecar? If you refer to the image below, what I'm suggesting is that the only real way to get this working is to place a gateway between the two services and have ISTIO_MTLS occur at the gateway.
@howardjohn @linsun any help would be appreciated! This is associated with the Spire Federation issues you all have commented on in the past. Thanks in advance.
Beta Was this translation helpful? Give feedback.
All reactions