Enable istio mTLS STRICT with MongoDB
I have a technical difficulty: I am trying to enable 'STRICT' mutual TLS.
I have a stateless service (name: "my-service" / ServiceAccount / Service / Deployment) and a stateful database (name: "database" / ServiceAccount / Service with clusterIP: None & port: 27017 / StatefulSet).
Without PeerAuthentication, everything works well. But when I enable STRICT PeerAuthentication on 'istio-system', the service doesn't start correctly (1/2 READY).
```yaml
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
```
I tried to add a "DestinationRule":
```yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: database
  namespace: my-namespace
spec:
  host: database
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
```
I tried to add an "AuthorizationPolicy":
```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: database
  namespace: striper
spec:
  selector:
    matchLabels:
      app: database
  rules:
  - from:
    - source:
        principals: ["*"]
```
Without success...
To connect to the database, I use "database" as the host and "27017" as the port, and both the service and the database are in the same namespace 'my-namespace'.
Any help is welcome ^_^
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
