What traffic routing options are there for a workload that's using TLS?

My workloads use HTTPS.
Can I use virtual services' HTTP traffic routing rules with these workloads?
I have only been able to figure out that I can use TLS traffic routing rules (where I use the hostname).

I can’t figure out how/if I could use the richer rules available for HTTP. (I figure that the TLS would need to be terminated somewhere so that the request can be inspected, but I don’t know where/how to achieve this.)
For example, would I have to convert my workloads to use HTTP and then set up mTLS so traffic between services is encrypted by the proxy rather than by the workloads themselves?