Provision Istio certificates for Prometheus is by injecting a sidecar which will rotate SDS certificates and output them to a volume that can be shared with Prometheus as described here : Istio / Prometheus
Pod level annotaions: spec: template: metadata: annotations: sidecar.istio.io/inject: "true" traffic.sidecar.istio.io/includeInboundPorts: "" # do not intercept any inbound ports traffic.sidecar.istio.io/includeOutboundIPRanges: "" # do not intercept any outbound traffic proxy.istio.io/config: | # configure an env variable `OUTPUT_CERTS` to write certificates to the given folder ....
Above works fine with Pods running in strict mTLS enabled namespace.
But the added istio-proxy to the prometheus-server pod uses the image: docker.io/istio/proxyv2:1.7.5
Why is this the case ? Is hard coded or some other reason ?