I have a flat network and each pod has a routable IP.
I have enabled MTLS -
- DestinationRule has tls MUTUAL (should not matter in this case)
- Policy - is said to STRICT TLS.
I am using my own CA and want a client outside the mesh to access an MTLS enabled service inside the mesh.
Istio-proxy logs on the service pod show has_user: false when client is external.
Shows has_user: true when client is internal.
Is it even possible to do what I am trying to do? In the migration document its mentioned existing clients using plain text.