splunk / splunk-operator

Splunk Operator for Kubernetes

Investigate mTLS for Istio #96

Open mikedickey opened 4 years ago

mikedickey commented 4 years ago

Some customers using Istio have reported the need to disable mTLS for the namespaces containing Splunk Enterprise pods.

Peer Authentication:

```yaml
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: splunk
  namespace: splunk
spec:
  mtls:
    mode: DISABLE
```

We should do some more investigation and testing on this. I imagine it's related to these annotations being added to get traffic flow working in our Istio clusters. I'm not convinced we're doing the "right thing" here. If so, we need to document the above Istio patch. If not, we should change it.

tnycum commented 1 year ago

Has there been any movement on this issue in the past few years? I'd like to have mTLS working for Splunk using Istio but the presence of these annotations makes it seem not possible. Does the intra-cluster traffic on 8089 actually not work through the envoy proxies?
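
An added example, not part of this thread or of the splunk-operator project: a check that lists every PeerAuthentication setting that accepts plaintext, so a namespace-wide `DISABLE` like the one quoted in the first comment shows up in review. The sample JSON is constructed, and `istio-system` as the mesh root namespace and the function names are assumptions.

```python
import json

# Constructed sample in the shape of `kubectl get peerauthentication -A -o json`.
# Only the "splunk" item mirrors the policy quoted in the issue; the others are made up.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "default", "namespace": "istio-system"},
     "spec": {"mtls": {"mode": "STRICT"}}},
    {"metadata": {"name": "splunk", "namespace": "splunk"},
     "spec": {"mtls": {"mode": "DISABLE"}}},
    {"metadata": {"name": "web", "namespace": "shop"},
     "spec": {"selector": {"matchLabels": {"app": "web"}},
              "mtls": {"mode": "STRICT"},
              "portLevelMtls": {"8080": {"mode": "PERMISSIVE"}}}},
]})

PLAINTEXT_MODES = {"DISABLE", "PERMISSIVE"}  # both accept unauthenticated plaintext


def scope_of(item, root_namespace):
    """Classify how much of the mesh a policy covers."""
    if item.get("spec", {}).get("selector", {}).get("matchLabels"):
        return "workload"   # selector present: only matching pods
    if item["metadata"]["namespace"] == root_namespace:
        return "mesh"       # no selector in the root namespace: mesh-wide
    return "namespace"      # no selector elsewhere: every pod in the namespace


def plaintext_findings(doc, root_namespace="istio-system"):
    """Return (namespace, name, scope, port, mode) for each setting that allows plaintext."""
    findings = []
    for item in json.loads(doc).get("items", []):
        meta, spec = item["metadata"], item.get("spec", {})
        scope = scope_of(item, root_namespace)
        # An absent or UNSET mode inherits from the parent policy, so it is not flagged here.
        mode = spec.get("mtls", {}).get("mode", "UNSET")
        if mode in PLAINTEXT_MODES:
            findings.append((meta["namespace"], meta["name"], scope, "*", mode))
        for port, cfg in sorted(spec.get("portLevelMtls", {}).items()):
            if cfg.get("mode") in PLAINTEXT_MODES:
                findings.append((meta["namespace"], meta["name"], scope, port, cfg["mode"]))
    return findings


if __name__ == "__main__":
    for ns, name, scope, port, mode in plaintext_findings(SAMPLE):
        print(f"{ns}/{name}: scope={scope} port={port} mode={mode}")
```

On a live cluster the same function can be fed the output of `kubectl get peerauthentication -A -o json` in place of `SAMPLE`.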