Skip to content
Discussion options

You must be logged in to vote

Your instinct is right — TLS Passthrough + TLSRoute is the better fit here. I tested it and it works exactly as expected.

Recommendation: Let each backend own its own TLS configuration and use TLS Passthrough on the Gateway. The Gateway stays transparent and just forwards the request as is with no cert management at the gateway level at all. Services that need mTLS configure it on their own.

Setup tested:

Gateway with 2 TLS Passthrough listeners on separate ports
2 TLSRoutes, one per listener
catalog backend: standard TLS, no client cert required
payments backend: TLS + ssl_verify_client on, rejects requests without a valid client cert

Example File:

Gateway:

apiVersion: gateway.networking…

Replies: 1 comment 2 replies

Comment options

You must be logged in to vote
2 replies
@ahmed25dev
Comment options

@salonichf5
Comment options

Answer selected by salonichf5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants