I want to connect multiple meshes together. I currently manage 3 different AKS clusters (Production). I have Hashicorp Vault running on Operations, and I’d like to be able to reach Postgres that’s running in Production using Istio mTLS (for automatic secret rotation). I don’t want to enable automatic service discovery by sharing secrets between clusters.

My question is: how do I configure Operations to reach pods in different meshes (using an

The 3 clusters have different trustDomains. They all share a common root CA. I generated a TLS certificate for Hashicorp Vault (it’s not running behind Istio) with SAN URI:spiffe://operations-trust-domain/ns/vault/sa/vault, so mTLS and AuthorizationPolicies should technically be able to be leveraged.
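As an added illustration (not part of the original post), this is the kind of least-privilege policy the last sentence refers to: on the Production cluster, require mTLS on the Postgres workload and admit only the Vault SPIFFE identity from the Operations trust domain. The namespace `db`, the label `app: postgres` and port 5432 are assumptions; the principal is the SAN from the post written in Istio's `<trust-domain>/ns/<ns>/sa/<sa>` form.

```yaml
# Assumed: Postgres runs in namespace "db" with label app: postgres.
# Require mutual TLS so the client certificate (and its SPIFFE ID) is
# actually verified before any AuthorizationPolicy principal matching.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: postgres-strict-mtls
  namespace: db
spec:
  selector:
    matchLabels:
      app: postgres
  mtls:
    mode: STRICT
---
# Allow only the Vault identity from the Operations trust domain to reach
# the database port. Istio principals omit the "spiffe://" scheme, so the
# SAN URI spiffe://operations-trust-domain/ns/vault/sa/vault becomes
# operations-trust-domain/ns/vault/sa/vault. Any other caller, including
# workloads in the Production mesh itself, is denied by this ALLOW policy.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: postgres-allow-vault-only
  namespace: db
spec:
  selector:
    matchLabels:
      app: postgres
  action: ALLOW
  rules:
    - from:
        - source:
            principals:
              - "operations-trust-domain/ns/vault/sa/vault"
      to:
        - operation:
            ports: ["5432"]
```

Because the clusters share a root CA, the Production sidecar can validate the Vault certificate chain; verify the effective decision with `istioctl x authz check` on the Postgres pod rather than assuming the policy applies.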