I’m trying to implement TLS termination on the sidecar side for outbound connections for a specific service.
My idea is to use HTTPS to call another service within the mesh, but still use mTLS between proxies. For example, ServiceA will query https://service-b.service.consul, this will resolve to service-b.default, and the request should still use mTLS between sidecars. It would look something like:
ServiceA --(HTTPS)-->(TLS termination)ServiceAproxy(initiates mTLS)--(mTLS)-->ServiceBproxy--(plain text)-->ServiceB
I have already tried using various kinds of Envoy filters to implement the above, but nothing seems to be working, and now I am wondering whether there is a Wasm plugin available that I can use to implement the above.
Any other ideas or suggestions are also appreciated.
Kubernetes Version:
Server Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.14", GitCommit:"57a3aa3f13699cf3db9c52d228c18db94fa81876", GitTreeState:"clean", BuildDate:"2021-12-15T14:47:10Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"}
Istio Version:
client version: 1.12.1
control plane version: 1.12.1