Scrape mtls enabled pod metrics from external non-mtls prometheus in istio 1.5

we have prometheus installed by prometheus operator, istio 1.4.x is installed without prometheus, kiali is configured to use this prometheus.

this promtheus doesnt have istio sidecar injected so we mount istio.default secret inside prometheus and using that scrape metrics from the application mtls enabled pod’s.


istio 1.5 doesn’t have default secrets in every namespace, does anyone know how to make non istio sidecar prometheus communicate with istio sidecar pod with strict mtls? is a blog about provisioning a certificate to Prometheus in Istio 1.5.

its not straightforward to use with prometheus installed with prometheus operator