Twitter: samosx | GitHub: samos123 Based on blog post: https://samos-it.com/posts/securing-redis-istio-tls-origniation-termination.html What are we solving? Architecture: K8s app using Redis over TLS into Redis traffic Istio TLS Origination Architecture: K8s app using Redis over TLS only (TLS origination) app-1 Namespace ms-1 K8s Pod External DB container app container istio-proxy TCP TLS ● ● app talks unencrypted TCP to Redis ● Sidecar istio-proxy encrypts the Redis traffic and sends to external redis ● App doesn’t need to configure certs ● Traffic becomes more “visible” How traffic