Can I disable mTLS in transparent sidecar proxy but keep the ServiceIntentions enforcement rules? I can’t seem to make mTLS work seamlessly so I’d like to get rid of it though traffic approve/deny enforcement via intentions is something I’d happily keep.
You can’t disable mTLS at the moment, unfortunately.
What is it about mTLS that doesn’t work seamlessly?
Things such as
- Make Traefik not expose underlying Consul TLS - Traefik v2 - Traefik Labs Community Forum
- I’ve noticed that this issue occurs much less frequently now that I don’t use proxy (not sure if that was the culprit as this issue still occurs, just rarely)
- I was also worried about this comment. In fact I’m trying to integrate Vault with existing Consul cluster right now and it’s not an easy task even w/o the proxy…