Discussion popped up during the work on: gardener/gardener#14730
The PR included a fix for the HTTP/2 communication between istio and the otel collector in the control-plane.
During the work on that, Johannes & Oliver proposed that we encrypt the internal traffic from the istio to the collector, but I proposed that we leave that for a later point.
Not sure how the solution would fully look like, but I assume a ref to the secretsManager will have to be passed to the otel-collector component and using it a certificate should be generated.
Following that, the DestinationRule should be updated as per: gardener/gardener#14730 (comment)
Discussion popped up during the work on: gardener/gardener#14730
The PR included a fix for the HTTP/2 communication between istio and the otel collector in the control-plane.
During the work on that, Johannes & Oliver proposed that we encrypt the internal traffic from the istio to the collector, but I proposed that we leave that for a later point.
Not sure how the solution would fully look like, but I assume a ref to the secretsManager will have to be passed to the otel-collector component and using it a certificate should be generated.
Following that, the
DestinationRuleshould be updated as per: gardener/gardener#14730 (comment)