...
NOTE - For this scenario, the default mesh wide policy must be set to "PERMISSIVE" on both the clusters. It will not work if the default Mesh Policy is "STRICT".
Important Info - cert-chain.pem is Envoy’s cert that needs to be presented to the other side. key.pem is Envoy’s private key paired with Envoy’s cert in cert-chain.pem. root-cert.pem is the root cert to verify the peer’s cert. In this example, we only have one Citadel in a cluster, so all Envoys have the same root-cert.pem.
...