Package :



Table of Contents


Client mode determines if the translated istio resources (i.e. the service entries and workload entries) use sni routing or tls termination at the east west gateway during cross cluster routing. This option can be configured at either the WorkspaceSetting level, or on the VirtualDestination. Any virtual destination setting overrides a global fallback defined by an admin on the WorkspaceSettings.

Field Type Label Description
auto google.protobuf.Empty The default mode is to use sni routing via tls passthrough at the East/West Gateway to route to services across clusters. In the future, this may change to become smarter (e.g., detect if any pods backing the virtual destination don't have sidecars, if so, then use tls termination so all pods are routeable).
sniRouting google.protobuf.Empty Sni routing mode uses tls passthrough to route traffic to the proper pod (with sidecar) from the East/West Gateway.
tlsTermination google.protobuf.Empty Tls termination mode uses tls termination at the East/West Gateway to route traffic to the correct pod. This mode is ideal for Gloo Mesh Gateway, i.e. some backing pods don't have sidecars. Since TLS is terminated at the East/West Gateway, the backing service (if it has a sidecar) will not be able to verify the istio mTLS identity of the originating client; rather it will verify the istio mTLS cert of the East/West Gateway.