Terminate SSL but pass https traffic to backend


For serveral days im trying to make something like this:

Client reach istio gateway via https request. Gateway pass client to specified k8s service.
But there are two important things:

  • gateway must communicate with backend(k8s service) over https traffic
  • client must receive gateway SSL certificate

When i set tls.mode=PASSTHROUGH in gateway all works fine but client receive backend certificate.

I would be grateful for any help in configuring this.