I am running a k8s daemonset linkerd (v1.4.5) configuration with TLS encryption between nodes and it is working well. So services are listening on http and utilizing linkerd to handle encryption between the nodes using a mesh certificate.
However, there is one application, a Spring Boot Admin (https://www.baeldung.com/spring-boot-admin), that services register with and that attempts to connect with them directly via their pod IP address and port as opposed to the service name. Using the io.buoyant.rinet router unsecured, this can connect just fine, but I want this communication to be secured. When I use the io.buoyant.rinet router with TLS, it upgrades the connection to https and it finds the IP, but that IP is only talking http, so that obviously does not work.
I have a routing setup similar to servicemesh.yaml, where I have a router that uses the daemonset to upgrade the connection and route to another localnode router that downgrades the TLS connection; however, I do not know how I can route using the direct pod IP & port to this router to downgrade appropriately.
The issue is somewhat similar to "Targeting a specific Kubernetes pod".
I think if I can figure out a way to use a k8s-based namer to route to the pod directly then I can get this working, but I have been unable to do that so far. Kubernetes provides DNS names like 9-8-7-6.ns.pod.cluster.local:5432 for pods, and I figure that is the starting point of a dtab, but nothing I have attempted so far along those lines has worked.
Does anyone have any help to offer?