kosta

Reputation: 4740

Connecting to mongodb on ssl via istio ingress gateway

I have the following code in my istio ingress gateway

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
  namespace: staging
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - hosts:
    - "my.mongodb.com"
    port:
      number: 27018
      protocol: MONGO
      name: mongo

---      

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myname
  namespace: staging
spec:
  hosts:
    - "my.mongodb.com"
  gateways:
  - my-gateway
  tcp:
  - match:
    - port: 27018
    route:
    - destination:
        host: my-service
        port:
          number: 27018     

When I don't inject the sidecar, I can connect to this mongodb using my.mongodb.com:27018 --ssl

However, when I have the sidecar, I get the following error:

$ mongo my.mongodb.com:27018 --ssl
MongoDB shell version v4.0.2
connecting to: mongodb://my.mongodb.com:27018/test
2019-02-13T23:30:44.201+1100 E QUERY    [js] Error: couldn't connect to server proxy.provendb.com:27018, connection attempt failed: SocketException: Secure.Transport: handshake failure :
connect@src/mongo/shell/mongo.js:257:13
@(connect):1:6
exception: connect failed

What is the correct way to set up SSL-enabled MongoDB on Istio?

edit

I tried this

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
  namespace: staging
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - hosts:
    - "my.mongodb.com"
    port:
      number: 443
      protocol: TLS
      name: tls-mongo
    tls:
      mode: PASSTHROUGH

---

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myvs
  namespace: staging
spec:
  hosts:
    - "my.mongodb.com"
  gateways:
  - my-gateway
  tcp:
  - match:
    - port: 443
    route:
    - destination:
        host: my-service
        port:
          number: 27018
          # name: proxy-port 

I get host unreachable

2019-02-14T05:38:08.392+1100 E QUERY    [js] Error: couldn't connect to server my.mongodb.com:443, connection attempt failed: HostUnreachable: Connection was closed :
connect@src/mongo/shell/mongo.js:257:13
@(connect):1:6
exception: connect failed

Upvotes: 2

Views: 2766

Answers (1)

Vadim Eisenberg

Reputation: 3427

Use TLS as the protocol, see an example. Just replace HTTPS with TLS, and fix the ports and the hosts. Use port 443, and in the destination specify port 27018. Access it by mongo my.mongodb.com:443 --ssl.

Upvotes: 3
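
The setup the answer describes, written out as an added example (not code from the original post or from the Istio page it links to). It reuses the names, host and ports from the question, and assumes the route should be a `tls` route matched on SNI, the route type Istio applies to a gateway port in PASSTHROUGH mode, in place of the `tcp` route in the question's second attempt.

```yaml
# Added example: names, namespace, host and ports come from the question.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
  namespace: staging
spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - "my.mongodb.com"
    port:
      number: 443
      protocol: TLS
      name: tls-mongo
    tls:
      # The gateway forwards the encrypted stream unchanged; mongod
      # terminates TLS, so no certificate is installed on the gateway.
      mode: PASSTHROUGH
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: myvs
  namespace: staging
spec:
  hosts:
  - "my.mongodb.com"
  gateways:
  - my-gateway
  tls:                      # assumption: tls route instead of the question's tcp route
  - match:
    - port: 443
      sniHosts:             # routing keys on the SNI in the ClientHello
      - "my.mongodb.com"
    route:
    - destination:
        host: my-service
        port:
          number: 27018     # MongoDB's TLS listener behind the gateway
```

Because routing depends on SNI, the client has to connect by hostname (`mongo my.mongodb.com:443 --ssl`) rather than by IP address, and the certificate it validates is the one served by mongod itself.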
