(This is for Istio 1.6.2)
So, we have a Postgres pod running in our development cluster, and if we set istio-injection=enabled for the namespace, trying to use NodePort to get in fails with an SSL error (for instance, with pgcli, it will fail to connect and give this error: received invalid response to SSL negotiation).
I can disable Envoy being added to the pod with an annotation of sidecar.istio.io/inject: 'false', but that also means no TLS to the database is happening even inside the cluster, and that's not quite what I want, even if that means the NodePort will work.
What would be the easiest way to turn off mTLS for the NodePort only?