Sometimes you may want traffic from Emissary-ingress to your services to be encrypted. For the cases where terminating TLS at the ingress is not enough, Emissary-ingress can be configured to originate TLS connections to your upstream services.
Telling Emissary-ingress to talk to your services over HTTPS is easily configured in the
Mapping definition by setting
https:// in the
If your upstream services require more than basic HTTPS support (for example, providing a client certificate or
setting the minimum TLS version support) you must create a
TLSContext for Emissary-ingress to use when
originating TLS. For example:
Configure Emissary-ingress to use this
TLSContext for connections to upstream services by setting the
tls attribute of a
example-service service must now support TLS v1.3 for Emissary-ingress to connect.