Recently I’ve had the experience of reconfiguring the popular Kubernetes Service Mesh Istio (using it’s Gateway ingress model) to work with an AWS Application Load Balancer with a degree of automation and scalability. This is a challenging deployment to say the least and whilst documentation exists to varying degrees for the separate components, it’s scant. I’m less than impressed with the official Istio documentation (though it has gotten way better) . . .
Recently I was presented with a very common problem, offer up a service which uses an unprivileged port, present that service through a reverse proxy and keep the entire service secure by completing TLS termination on the proxy. This is a pretty old problem and in my case the service is Hashicorp Vault, but what’s odd is that for such a popular platform I couldn’t find any guides or configuration . . .
I’m just going to throw it out there, I love working with security, cryptography and certificates. it wasn’t always that way and like a lot of people I used to recoil in horror of the idea of having to work with certificates. In my experience that’s not an uncommon scenario to be in, it’s almost a universally loathed task to have to work with certs and it boils down to . . .