App to Vault communication using Service Mesh mTLS within Kubernetes

Hello, we are planning to deploy a HashiCorp Vault cluster in each of our Kubernetes (EKS) clusters. Apps that run in that cluster should communicate with Vault using encryption in transit. Instead of using the internal TLS configuration of Vault, we thought it might be easier to implement a service mesh and mTLS, since encryption in transit will be a requirement for all k8s apps later.

What are your thoughts? Are there any roadblocks that we’re not aware of?

Not enabling TLS means that the cert auth method cannot be enabled. If this is something you will never use, then go ahead.
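The two Vault listener configurations the question and the reply are contrasting, as an added example that is not from either poster. The address, the certificate paths and the `web` role name are placeholders; the two stanzas are alternatives, not meant to be combined in one file.

```hcl
# Alternative A: what the question proposes. Vault's own listener is plaintext
# and the service-mesh sidecar supplies mTLS between pods. Traffic on the wire
# is encrypted, but the sidecar terminates mTLS and hands Vault a plaintext
# connection, so no client certificate ever reaches Vault's listener and the
# cert auth method (`vault auth enable cert`) has nothing to authenticate with.
listener "tcp" {
  address     = "0.0.0.0:8200"   # placeholder
  tls_disable = 1
}

# Alternative B: Vault's listener terminates TLS itself and is told which CA
# signs client certificates. This is the prerequisite the reply refers to:
# with it, `vault auth enable cert` followed by
#   vault write auth/cert/certs/web certificate=@client.crt policies=web
# lets a pod log in with the certificate it presents to this listener.
listener "tcp" {
  address            = "0.0.0.0:8200"              # placeholder
  tls_cert_file      = "/vault/tls/server.crt"     # placeholder path
  tls_key_file       = "/vault/tls/server.key"     # placeholder path
  tls_client_ca_file = "/vault/tls/client-ca.crt"  # placeholder path

  # Left at its default (false) so clients using other auth methods,
  # e.g. the kubernetes auth method, can still connect without a client cert.
  tls_require_and_verify_client_cert = false
}
```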