I want to ask what the exact flow is between the container and the Envoy proxy sidecar for TLS connections.
What I have seen so far:
With TLS origination:
- Container sends plain HTTP to the Envoy sidecar
- Envoy sidecar starts an HTTPS connection with the target. If we use SIMPLE mode, the Envoy proxy sidecar does not perform target certificate validation
What about an https connection? What I would like to achieve is the following:
- Container sends HTTPS to the Envoy sidecar through ISTIO_MUTUAL and trusts the sidecar’s certificate
- Envoy sidecar starts an HTTPS connection with the target. If we use SIMPLE mode, the Envoy proxy sidecar does not perform target certificate validation
I'm not able to achieve this with any configuration. Is it possible?
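
The TLS origination flow described in the question, written out as Istio resources. This is an added example, not part of the original post: it shows `SIMPLE` mode with no CA configured next to the same rule with the `DestinationRule` fields that control server certificate verification. The host `api.example.com`, the resource names and the CA bundle path inside the sidecar are assumptions.

```yaml
# Added example. Host, resource names and CA path are hypothetical.
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: external-api
spec:
  hosts:
  - api.example.com
  ports:
  - number: 80            # the container sends plain HTTP to this port
    name: http-port
    protocol: HTTP
    targetPort: 443       # the sidecar forwards to the target's TLS port
  resolution: DNS
---
# Variant A: SIMPLE with no CA configured for verifying the target.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: external-api-simple
spec:
  host: api.example.com
  trafficPolicy:
    portLevelSettings:
    - port:
        number: 80
      tls:
        mode: SIMPLE      # sidecar originates TLS, presents no client cert
---
# Variant B (apply instead of A): SIMPLE with verification fields set.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: external-api-verified
spec:
  host: api.example.com
  trafficPolicy:
    portLevelSettings:
    - port:
        number: 80
      tls:
        mode: SIMPLE
        sni: api.example.com
        # CA bundle the sidecar uses to verify the server certificate
        # (assumed path; it must exist inside the istio-proxy container).
        caCertificates: /etc/ssl/certs/ca-certificates.crt
        subjectAltNames:  # names accepted in the server certificate
        - api.example.com
```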