We are currently using Traefik to support a wide range of microservices. The way our setup is currently architected is that we have Envoy-to-Envoy communication, with Traefik sitting in the middle to facilitate how requests are redirected. Our Traefik app is currently configured to use a host header to redirect requests to other microservices' Envoy container.
The question now becomes: we need to encrypt all traffic within this network. The best possible outcome for us, as we see it, is shipping self-signed certs to the Envoys that we can use for encryption and decryption, as well as to Traefik for TLS termination at the proxy layer to read the headers.
This seems like it would work; however, we would like a way to avoid early termination at Traefik. I notice the docs say that this feature is currently provided with a TLS passthrough flag. Would this be our best course of action in this case?