Redis TLS Origination through the sidecar Author: Sam Stoelinga | Twitter: samosx | GitHub: samos123 Based on blog post: https://samos-it.com/posts/securing-redis-istio-tls-origniation-termination External DB container app container istio-proxy TCP TLS ● app talks unencrypted TCP to Redis ● Sidecar istio-proxy encrypts the Redis traffic and sends to external redis ● App doesn’t need to configure metrics available How it looks after TLS origination How to do Redis TLS origination with the sidecar? 1. Create ServiceEntry for external service such that Istio knows about Redis 2. Create DestinationRule