Client to egressgateway - is it MTLS?

Hi, Very short version of my earlier question - I have
Client → Egressgateway → internet target

How can I tell that Client → Egressgateway is MTLS or not?

Tools like Kiali want to look at Policy and say that flows are MTLS or not, but how can I tell from logs or other means?

Previous question: Egressgateway via MTLS to TLS origination


Anyone trying to figure this out:

  1. turn on logging (I suggest JSON format)
  2. per 4 steps to debug your edge microservices in an Istio service mesh – IBM Developer - istioctl proxy-config log istio-egressgateway-b5c9c5-xxxxx.istio-system --level debug
    (turn it on and off for your test, it makes lots of logs)
  3. search for x-forwarded-client-cert and look at the spiffe IDs

Good luck.