mTLS between Istio sidecar and external service

I'm trying to set up mTLS between a non-meshed pod and a meshed pod, all in the same cluster. I used the egress traffic mTLS documentation, but it seems to use Kubernetes secrets between internal and external services to establish mTLS (Istio / Egress TLS Origination). Is there a way to use Istio's default certs? (I'm using the plug-in CA model, so I can supply Istio certificates and also sign other ones for the external pod.) Where would a sidecar proxy check for mounted certs in an external pod to establish mTLS?

A sidecar proxy will establish mTLS with another sidecar proxy in the same mesh. External services do not have a sidecar to provision certificates for them. For the external services, you need to configure on the egress gateway the service's own certificates and how to verify the external service's certificates.

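As an added example (not from the original thread), this is the egress-gateway side of what the answer describes: a DestinationRule that originates mTLS to the non-meshed pod using certificates stored in a Kubernetes secret. The host name external-svc.external.svc.cluster.local, the secret name client-credential and the port 443 are placeholders.

```yaml
# Added example, not from the original thread. Assumptions: the non-meshed pod is
# reachable as external-svc.external.svc.cluster.local on port 443, and the egress
# gateway's client cert/key plus the CA that signed the external pod's server cert
# are stored in a generic secret in istio-system, created for instance with:
#   kubectl create secret generic client-credential -n istio-system \
#     --from-file=tls.key=client.key \
#     --from-file=tls.crt=client.crt \
#     --from-file=ca.crt=ca.crt
# With the plug-in CA model described in the question, client.crt can be issued by
# the same CA that signs the external pod's server certificate, so the external pod
# can verify the gateway's client cert against that CA and vice versa.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: originate-mtls-for-external-svc
  namespace: istio-system            # must be the namespace the egress gateway runs in
spec:
  host: external-svc.external.svc.cluster.local
  trafficPolicy:
    portLevelSettings:
    - port:
        number: 443
      tls:
        mode: MUTUAL                 # present tls.crt/tls.key, verify the server with ca.crt
        credentialName: client-credential
        sni: external-svc.external.svc.cluster.local
```

The meshed pod's sidecar still needs a Gateway and VirtualService that route the host through the egress gateway; that sidecar-to-gateway hop uses Istio's own mesh certificates, and only the gateway-to-external-pod hop uses the secret above.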