How can I use custom client certificate for external service with istio?

Question

I need to setup mutual tls communication from kubernetes pod to external service. My system is running with istio system.

I found reference about this.

https

Answer 1

You can run istioctl kube-inject -f your-deployment.yaml > your-deployment-with-istio-sidecar.yaml.

Then edit your-deployment-with-istio-sidecar.yaml and add mounting of the certificates from some secrets. Then create the secrets from your certificates.

Alternatively, create your sidecar injection template, see https://istio.io/blog/2019/data-plane-setup/#manual-injection.

Example of creating secrets for certificates: https://istio.io/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/#redeploy-the-egress-gateway-with-the-client-certificates

Mounting volumes from secretes described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod