Difficulty: Advanced
Estimated Time: 15 minutes

Through this scenario, you can have closer look at mutual TLS and learn its settings.

Download the ebook "Introducing Istio Service Mesh for Microservices" for FREE at https://developers.redhat.com/books/introducing-istio-service-mesh-microservices/.

You can also run this tutorial on your machine, visit http://bit.ly/istio-tutorial.

Don’t stop now! The next scenario will only take about 10 minutes to complete.

mTLS

Step 1 of 2

Before start

You need to remove the customer route you created at the beginning of the tutorial.

To do it just run: oc delete route customer

Then, you need to enable Istio Ingress to receive all traffic and redirect it to customer service. For this reason, let’s create a Gateway and VirtualService that allows local calls reach the clustered service inside the mesh.

istioctl create -f ~/projects/istio-tutorial/istiofiles/gateway-customer.yml

Then configure some environment variables that will help you on testing:

export INGRESS_PORT=$(oc -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}'); \ export GATEWAY_URL=http://customer-tutorial.[[HOST_SUBDOMAIN]]-$INGRESS_PORT-[[KATACODA_HOST]].environments.katacoda.com;

Now you can run curl but against GATEWAY_URL and you’ll see the same messages as before (customer => preference => recommendation v1 from 'b87789c58-mfrhr': 1):

curl ${GATEWAY_URL}

Note: The command bellow migh return customer => 503 preference => 503 no healthy upstream. In that case, repeat the command curl ${GATEWAY_URL} until you see customer => preference => recommendation v1 from 'b87789c58-mfrhr': 1