Kuma tls ExternalService

Jbn1233
1 min read, May 27, 2023

With TLS enabled on the ExternalService, a workload in the mesh can call an HTTPS ExternalService over plain HTTP; the mesh terminates the plaintext hop and originates the TLS connection to the external host.

Example:

URL: sandbox-pgw-ui.2c2p.com only has an HTTPS endpoint (HTTP redirects to HTTPS)

$ curl -v http://sandbox-pgw-ui.2c2p.com/payment/4.1/
* Trying 65.9.17.26:80...
* TCP_NODELAY set
* Connected to sandbox-pgw-ui.2c2p.com (65.9.17.26) port 80 (#0)
> GET /payment/4.1/ HTTP/1.1
> Host: sandbox-pgw-ui.2c2p.com
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: CloudFront
< Date: Sat, 27 May 2023 13:08:34 GMT
< Content-Type: text/html
< Content-Length: 167
< Connection: keep-alive
< Location: https://sandbox-pgw-ui.2c2p.com/payment/4.1/
< X-Cache: Redirect from cloudfront
< Via: 1.1 920fe22ff36f037e8c6a26057f59c752.cloudfront.net (CloudFront)

With this ExternalService:

mesh: default
name: 2c2p
type: ExternalService
tags:
  kuma.io/protocol: http
  kuma.io/service: 2c2p
networking:
  address: sandbox-pgw-ui.2c2p.com:443
  tls:
    enabled: true

Access from a pod to the 2c2p ExternalService:

root@nginx-696454d678-cq54f:/# curl -v http://sandbox-pgw-ui.2c2p.com/payment/4.1/
* Trying 240.0.0.21:80...
* Connected to sandbox-pgw-ui.2c2p.com (240.0.0.21) port 80 (#0)
> GET /payment/4.1/ HTTP/1.1
> Host: sandbox-pgw-ui.2c2p.com
> User-Agent: curl/7.74.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< content-type: text/html
< content-length: 2852
< date: Sat, 27 May 2023 13:07:11 GMT
< last-modified: Tue, 23 May 2023 03:54:53 GMT
< etag: "a90e6144c2bfaf0d0b948d2a7b0720ea"
< x-amz-server-side-encryption: AES256

As you can see, 240.0.0.21 is in the Kuma mesh CIDR (240.0.0.0/4): the curl is sent to an http:// URL, yet the connection leaving the mesh to the external service is fully encrypted.
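The two things the post shows can be checked mechanically: that the ExternalService resource actually enables TLS origination for a port-443 address, and that a pod's request was intercepted by the mesh (the peer curl connected to lies in 240.0.0.0/4) and returned 200 rather than the 301 the origin sends to plain HTTP. The script below is an added example, not code from the post or from the Kuma project. The resource dict mirrors the post's YAML; the field names networking.address, networking.tls.enabled, networking.tls.caCert and the kuma.io/service and kuma.io/protocol tags are Kuma's, while the finding codes and the trimmed curl transcripts are constructed for this example.

```python
"""Added example (not from the post or Kuma): check an ExternalService for TLS
origination and confirm from `curl -v` output that a request went via the mesh."""
import ipaddress
import re
from typing import Dict, List

# Address range the post observes for mesh-intercepted connections.
MESH_CIDR = ipaddress.ip_network("240.0.0.0/4")

# The post's ExternalService, written as a dict so no YAML library is needed.
EXTERNAL_SERVICE = {
    "mesh": "default",
    "name": "2c2p",
    "type": "ExternalService",
    "tags": {"kuma.io/protocol": "http", "kuma.io/service": "2c2p"},
    "networking": {
        "address": "sandbox-pgw-ui.2c2p.com:443",
        "tls": {"enabled": True},
    },
}


def check_external_service(svc: Dict) -> List[str]:
    """Return finding codes (this example's own names) for the TLS settings of
    a Kuma ExternalService. An empty list means nothing looked off."""
    if svc.get("type") != "ExternalService":
        return ["not-an-external-service"]
    findings: List[str] = []
    net = svc.get("networking") or {}
    tls = net.get("tls") or {}
    _, _, port = str(net.get("address", "")).rpartition(":")
    if "kuma.io/service" not in (svc.get("tags") or {}):
        findings.append("missing-service-tag")
    if tls.get("enabled"):
        if port != "443":
            findings.append(f"tls-enabled-but-port-{port or 'unset'}")
        if not tls.get("caCert"):
            # The resource gives the sidecar no CA to validate the upstream
            # server certificate against: the hop is encrypted, but the
            # resource itself does not pin who is on the other end.
            findings.append("tls-enabled-without-caCert")
    elif port == "443":
        findings.append("port-443-without-tls")
    return findings


# Lines of interest in `curl -v` output.
CONNECTED_RE = re.compile(r"^\*\s+Connected to (\S+) \((\S+)\) port (\d+)")
STATUS_RE = re.compile(r"^<\s+HTTP/[\d.]+ (\d{3})")
LOCATION_RE = re.compile(r"^<\s+[Ll]ocation:\s*(\S+)")


def analyse_curl(transcript: str) -> Dict:
    """Extract the peer curl actually connected to, the first response status
    and any Location header, and flag whether the peer is a mesh address."""
    result = {"host": None, "ip": None, "port": None, "status": None,
              "location": None, "via_mesh": False}
    for raw in transcript.splitlines():
        line = raw.strip()
        if (m := CONNECTED_RE.match(line)):
            result["host"], result["ip"] = m.group(1), m.group(2)
            result["port"] = int(m.group(3))
            result["via_mesh"] = ipaddress.ip_address(m.group(2)) in MESH_CIDR
        elif (m := STATUS_RE.match(line)) and result["status"] is None:
            result["status"] = int(m.group(1))
        elif (m := LOCATION_RE.match(line)):
            result["location"] = m.group(1)
    return result


# Constructed transcripts, trimmed from the two curl runs in the post.
DIRECT_TRANSCRIPT = """\
* Connected to sandbox-pgw-ui.2c2p.com (65.9.17.26) port 80 (#0)
> GET /payment/4.1/ HTTP/1.1
< HTTP/1.1 301 Moved Permanently
< Location: https://sandbox-pgw-ui.2c2p.com/payment/4.1/
"""
MESH_TRANSCRIPT = """\
* Connected to sandbox-pgw-ui.2c2p.com (240.0.0.21) port 80 (#0)
> GET /payment/4.1/ HTTP/1.1
< HTTP/1.1 200 OK
"""

if __name__ == "__main__":
    print("resource findings:", check_external_service(EXTERNAL_SERVICE))
    for name, text in (("direct", DIRECT_TRANSCRIPT), ("mesh", MESH_TRANSCRIPT)):
        print(name, analyse_curl(text))
```

Run against the post's resource the checker reports only tls-enabled-without-caCert: the post's YAML turns TLS on but supplies no CA. Kuma's ExternalService spec also accepts networking.tls.caCert (and clientCert/clientKey for client authentication) as a secret, inline or file datasource, so setting caCert to the CA that issued the external host's certificate is the change that closes that finding.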


Jbn1233

Very short and simple notes for CKA/SRE that may not work in your environment | jbn1233@gmail.com | Bangkok, Thailand |