Hi,

We run Airflow as a set of k8s deployments inside of a GKE cluster, similar to the way specified in Mumoshu's GitHub repo: https://github.com/mumoshu/kube-airflow.

We are currently investigating securing our clusters using Istio [1]. Specifically, we are interested in adding additional security by enabling mutual TLS [2]. The mTLS demo [3] from Istio works fine, but when we try to enable it for our Airflow deployments, pods begin to crash. For example, the rabbitmq crashes due to a timeout:

'ERROR: epmd error for host rabbitmq-596f977747-k58bb: timeout (timed out)'

We have both a Policy to enable mTLS on the service side, and a DestinationRule telling clients to use mTLS.

Has anyone set up mutual TLS with Airflow and Kubernetes using Istio before? Any ideas are appreciated.

Thanks in advance!

[1] http://istio.io/
[2] https://istio.io/docs/tasks/security/authn-policy/
[3] https://istio.io/docs/tasks/security/authn-policy/#enable-mutual-tls-for-all-services-in-a-namespace