aws-app-mesh-roadmap

Feature Request: App http probe rewrite

Open flaviosakakibara opened this issue 2 years ago • 3 comments

If you want to see App Mesh implement this idea, please upvote with a :+1:.

Tell us about your request
What do you want us to build?
As an App Mesh user, I'd like to configure HTTP probes in my pods in a mesh that's using mTLS.

Which integration(s) is this request for?
Kubernetes (main focus EKS)

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
After enabling mTLS, the client that tries to reach out to the pod would need to present a valid certificate according to the virtualnode.listener.tls.trust configuration, but kubelet has no such certificate. With this in mind, it receives an empty reply from the Envoy sidecar whenever trying to run the probe.

Are you currently working around this issue?
A possible workaround would be to use tcpSocket probes and command probes; however, the first one does not allow the implementation of more "complex" HTTP-based checks and, to implement them using the second one, extra binaries/logic are needed in the application container, which is not ideal.

Additional context
The idea would be to have something like Istio does. To test this, you can deploy the mTLS example and add a simple probe checking the 8080 port of one of the color deployments.

flaviosakakibara, Mar 16 '22 14:03
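
The probe that fails and the two workarounds named in the issue, side by side in one pod spec. This is an added example, not part of the original issue or of App Mesh's own manifests; the deployment name, image, `/ping` path, timings and the presence of `wget` in the image are assumptions.

```yaml
# Constructed example: names, image, path and timings are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: color-blue                  # hypothetical name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: color-blue
  template:
    metadata:
      labels:
        app: color-blue
    spec:
      containers:
        - name: app
          image: example.invalid/colorapp:placeholder   # placeholder image
          ports:
            - containerPort: 8080
          # Probe from the issue (left commented out): kubelet connects to
          # the pod with no client certificate, so the mTLS listener that
          # fronts port 8080 gives it an empty reply and the probe fails.
          # readinessProbe:
          #   httpGet:
          #     path: /ping         # assumed health path
          #     port: 8080
          #
          # Workaround 1: tcpSocket only checks that the port accepts a
          # connection; it cannot look at an HTTP status code or body.
          readinessProbe:
            tcpSocket:
              port: 8080
            periodSeconds: 10
          # Workaround 2: exec runs inside the application container, so
          # the image has to ship an HTTP client (assumed here: wget).
          livenessProbe:
            exec:
              command: ["wget", "-q", "-O", "/dev/null", "http://127.0.0.1:8080/ping"]
            periodSeconds: 10
```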