GKE - TCP/TLS Gateway

Hello Istio community.

I’m currently using GKE along with Istio. We are using a Google load balancer (provisioned by the Istio-gateway service).

Here’s my requirement: I want to expose several Postgres StatefulSets (+ their services) to the external world.

  • I would like all servers to have either a different host OR port
  • Using TCP, or ideally TLS
    • Could we create our own CA certificate and create an individual certificate for each client?

Could you confirm or deny whether Istio can be used to achieve this and, if possible, share any relevant article or example?