Here is our setup.
It’s an Azure AKS cluster.
Sidecar injection is enabled at the namespace level.
Peer authentication created for the namespace with PERMISSIVE mode.
A gateway, virtual service, and destination rule are created for allowing the primary to the service.
Is there anything else needed for MTLS to work properly? I could see a lot of requests with connection_security_policy as none or unknown though all the pods have sidecars.
In some workloads, if I do a normal curl to the service URL, it works and connection_security_policy is shown as mtls, but when I do a curl with -H 'Host:myhostname' it still works but it's not MTLS then.
Need help with this.
I see very little documentation for 1.6.x and there is a lot of confusion on all of it. Can we have better steps or requirements on how to handle MTLS on 1.6.x?