Is mTLS between app gateway and APIM possible? #4387

Open
ronaldbosma opened this issue Feb 15, 2024 · 3 comments
Labels
architecture-center/svc assigned-to-author CXP assigned issue to author doc-enhancement Suggested additions/improvements to an article; user is not blocked Pri2 solution-idea/subsvc triaged

Comments

@ronaldbosma

ronaldbosma commented Feb 15, 2024

The architecture diagram suggests that an mTLS connection between the app gateway and APIM is possible (point 5). However, according to this FAQ it is not.

Can you provide insights into which documentation is correct? And if an mTLS connection to a backend is possible, how would this be configured in the app gateway backend pool/backend http settings?



@Naveenommi-MSFT

@ronaldbosma
Thanks for your feedback! We will investigate and update as appropriate.

@mike-urnun-msft mike-urnun-msft removed their assignment Feb 20, 2024
@mike-urnun-msft mike-urnun-msft added doc-enhancement Suggested additions/improvements to an article; user is not blocked assigned-to-author CXP assigned issue to author and removed cxp CXP team is reviewing product-question labels Feb 20, 2024
@saswatmohanty01
Contributor

@ronaldbosma Could you please share your requirement? Are you looking for mTLS APIM, Application Gateway with AKS or just Application Gateway with other endpoints?

@ronaldbosma
Author

I'm assuming that the image on Deploy AKS and API Management with mTLS uses the 'normal' version of the Azure Application Gateway and not the recently released Application Gateway for Containers version, because that resource has a different icon.

The architecture image suggests that communication from the application gateway to API Management is possible using mTLS. See the highlighted part below.

image.

According to the application gateway FAQ, communication to backends (in our case APIM) using mTLS is not possible.

I'm assuming that the image on Deploy AKS and API Management with mTLS is incorrect and should be fixed.


As for my client's situation: we have the Azure Application Gateway and it routes traffic to Azure API Management as the backend. I know that both Azure Application Gateway and Azure API Management support mTLS on incoming traffic. We were looking into also using mTLS for traffic coming from the Azure Application Gateway going to API Management, but as mentioned before, this does not seem possible.

One of my colleagues saw the picture on Deploy AKS and API Management with mTLS. Because of that, he wasn't convinced that mTLS from Azure Application Gateway to API Management is not possible.
