We have 2 clusters each having their own independent CA(multiple meshes). We are looking at a way to acheive end to end mTLS trust across clusters so we can propagate clientID(spiffeID) and therefore apply Authn/Authz policies.
This document https://istio.io/docs/ops/deployment/deployment-models/#trust-between-meshes
says we can exchange trustBundle manually across clusters so we can trust and do end to end mTLS.
Haven’t found any examples/documentation regarding how to acheive this.