Hi there. I’m pretty new to Linkerd and we’re currently just evaluating it, so please excuse my ignorance if this question has an obvious answer.
As far as I can tell, Linkerd’s automatic mTLS uses SPIFFE to generate unique service IDs. We are currently using mTLS to authenticate our services to Keycloak (an IdP), and have to do a lot of certificate plumbing basically manually.
Of course it would be extremely convenient to just use the Linkerd-generated identities as an mTLS identity towards Keycloak.
Is there a way to not terminate the mTLS connection at one point, and instead connect directly with this identity to a service?