Disabling mTLS in sidecar proxy

Can I disable mTLS in transparent sidecar proxy but keep the ServiceIntentions enforcement rules? I can’t seem to make mTLS work seamlessly so I’d like to get rid of it though traffic approve/deny enforcement via intentions is something I’d happily keep.

Hey @mike-code

You can’t disable mTLS at the moment, unfortunately.

What is it about mTLS that doesn’t work seamlessly?

Things such as

Hi @mike-code,

Traefik 2.5 gained support for natively integrating with Consul service mesh (https://traefik.io/blog/integrating-consul-connect-service-mesh-with-traefik-2-5/).

Have you considered using this instead of deploying a sidecar alongside Traefik? This would allow Traefik to directly initiate mTLS connections to backend services instead of routing through an Envoy sidecar.