Set Up an mTLS Gateway
Learn how to set up an mTLS Gateway in Istio.
Context
According to the official Cloudflare documentation:
Mutual TLS, or mTLS for short, is a method for mutual authentication. mTLS ensures that the parties at each end of a network connection are who they claim to be by verifying that they both have the correct private key. The information within their respective TLS certificates provides additional verification.
To establish a working mTLS connection, several things are required:
- A working DNS entry pointing to the Istio Gateway IP
- A valid Root CA certificate and key
- Client and server certificates, each with its own private key, issued by that Root CA
- Istio and API-Gateway installed on a Kubernetes cluster
The following steps describe how to set up a working mTLS Gateway. The tutorial uses a Gardener shoot cluster and its API. The mTLS Gateway is exposed under your domain with a valid DNS A record.
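The certificate material in the list above (Root CA, server certificate, client certificate) can be produced and checked with plain `openssl`, as in the added example below. This script is not part of the Kyma tutorial; it assumes `openssl` 1.1.1 or later on PATH, and the organisation name, the CN values and the gateway host name passed as an argument are placeholders.

```shell
# Added example (not from the Kyma tutorial): mint a Root CA, a server
# certificate and a client certificate for an mTLS gateway, then check them.
# Assumes openssl 1.1.1+ on PATH; host and subject names are placeholders.
set -eu
# Minimal OpenSSL config for one certificate: subject CN plus an [ext] section
# used both for -x509 self-signing and as the -extfile when signing leaves.
write_cnf() {  # $1=file $2=CN $3=extension lines
  printf '[req]\nprompt = no\ndistinguished_name = dn\nx509_extensions = ext\n[dn]\nO = example\nCN = %s\n[ext]\n%s\n' "$2" "$3" > "$1"
}
# Key + CSR for leaf $2, signed by the Root CA. Extensions are taken from
# $2.cnf on the signing side, so the issuer, not the requester, fixes the EKU.
issue_leaf() {  # $1=dir $2=server|client
  openssl req -new -config "$1/$2.cnf" -newkey rsa:2048 -nodes -sha256 \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$1/$2.cnf" -extensions ext \
    -out "$1/$2.crt" 2>/dev/null
}
# Root CA (whoever holds ca.key can mint client certs the gateway accepts, so
# keep it out of the cluster), a server cert whose SAN matches the gateway's
# DNS A record, and a client cert restricted to clientAuth.
gen_mtls_certs() {  # $1=output dir $2=gateway host name
  dir="$1"; host="$2"; mkdir -p "$dir"
  write_cnf "$dir/ca.cnf" "example-root-ca" "basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign"
  openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
    -days 365 -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  write_cnf "$dir/server.cnf" "$host" "basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host"
  issue_leaf "$dir" server
  write_cnf "$dir/client.cnf" "mtls-client" "basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth"
  issue_leaf "$dir" client
}
# Pre-flight checks before the files go anywhere near the gateway: each leaf
# chains to the CA, the server cert matches the host, and neither leaf passes
# for the other role (a server cert must not be accepted as a client identity).
verify_mtls_certs() {  # $1=dir $2=gateway host name; 0 only if every check passes
  ca="$1/ca.crt"
  openssl verify -CAfile "$ca" -purpose sslserver -verify_hostname "$2" \
    "$1/server.crt" >/dev/null 2>&1 || return 1
  openssl verify -CAfile "$ca" -purpose sslclient "$1/client.crt" >/dev/null 2>&1 || return 1
  ! openssl verify -CAfile "$ca" -purpose sslclient "$1/server.crt" >/dev/null 2>&1 || return 1
  ! openssl verify -CAfile "$ca" -purpose sslserver "$1/client.crt" >/dev/null 2>&1 || return 1
}
```

Run `gen_mtls_certs ./certs gateway.example.com` followed by `verify_mtls_certs ./certs gateway.example.com`; only after the second call returns 0 should `ca.crt`, `server.crt` and `server.key` be loaded into the gateway and `client.crt`/`client.key` handed to the caller.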
Prerequisites
- You have the Istio and API Gateway modules added.
- You have set up your custom domain.